
Why does tcpdump not give me more details? Each time it only comes as - 16:22:26.128541 [|ether]

# ./tcpdump -vv not port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
16:22:26.128541 [|ether]
veccy
  • Please, add output: tcpdump -pn -s 0 -X not port 22 – bindbn Sep 25 '10 at 14:58
  • Most likely, tcpdump is not giving you any more information because it does not have any more information to give you. Likely all it understands about the packets is that they are valid ethernet packets. Using '-e' might help. – David Schwartz Aug 21 '11 at 09:21

1 Answer


You need to specify your interface with the -i flag (it is defaulting to eth0, is there another interface?)

-p makes it not show port names (www for 80) and -n makes it not lookup DNS names (you'll see only the IP)

-s0 says to capture the whole packet, not just the beginning. -X shows hex and ascii data.

-v is probably not needed here - it produces slightly more input, but you aren't capturing any IP data

If you leave off the "not port 22", do you see the ssh traffic on the host?

Ben
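To make the `[|ether]` line concrete, here is a small added example (not code from the thread or from tcpdump itself): a toy Ethernet/IPv4 decoder that does what any packet decoder must do when the captured bytes are shorter than the 14-byte Ethernet header, which is to give up and report a truncated link-layer header. With a full frame it decodes MACs, ethertype and the IPv4 header; with a frame cut short it can only print `[|ether]`, and with an IP header cut short it prints `[|ip]`. The sample frames are constructed inline, the field names and the summary format are my own, and nothing here is meant to reproduce tcpdump's exact decoder.

```python
"""Minimal Ethernet/IPv4 decoder illustrating why a decoder prints '[|ether]'.

Added example; not part of the original thread. It decodes constructed
sample frames and reports truncation whenever the captured bytes are
shorter than the header it needs to parse.
"""
import struct

ETH_HDR_LEN = 14
IPV4_HDR_LEN = 20          # fixed part of the IPv4 header, options ignored
ETHERTYPE_IPV4 = 0x0800


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def decode_ipv4(payload: bytes) -> dict:
    """Decode the fixed 20-byte IPv4 header; report truncation if it is short."""
    if len(payload) < IPV4_HDR_LEN:
        return {"truncated": True, "captured": len(payload)}
    ver_ihl, _tos, total_len, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", payload[:IPV4_HDR_LEN])
    return {"truncated": False, "version": ver_ihl >> 4, "ihl": (ver_ihl & 0xF) * 4,
            "total_len": total_len, "ttl": ttl, "proto": proto,
            "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst))}


def decode_frame(data: bytes) -> dict:
    """Decode an Ethernet frame into a dict describing what could be parsed.

    With fewer than 14 captured bytes the ethertype is unknown, so nothing
    above the link layer can be decoded; this is the '[|ether]' case.
    """
    if len(data) < ETH_HDR_LEN:
        return {"layer": "ether", "truncated": True, "captured": len(data)}
    dst, src, ethertype = struct.unpack("!6s6sH", data[:ETH_HDR_LEN])
    result = {"layer": "ether", "truncated": False, "dst": mac_str(dst),
              "src": mac_str(src), "ethertype": ethertype}
    if ethertype == ETHERTYPE_IPV4:
        result["ip"] = decode_ipv4(data[ETH_HDR_LEN:])
    return result


def summarize(frame: dict) -> str:
    """Render a one-line summary in the spirit of tcpdump's output (own format)."""
    if frame["truncated"]:
        return "[|ether]"
    line = f"{frame['src']} > {frame['dst']}, ethertype 0x{frame['ethertype']:04x}"
    ip = frame.get("ip")
    if ip is None:
        return line
    if ip["truncated"]:
        return line + " [|ip]"
    return line + f", IP {ip['src']} > {ip['dst']} proto {ip['proto']} ttl {ip['ttl']}"


# Constructed sample frames (not captured traffic).
FULL_FRAME = (
    bytes.fromhex("001122334455")             # destination MAC
    + bytes.fromhex("66778899aabb")           # source MAC
    + b"\x08\x00"                             # ethertype IPv4
    + bytes.fromhex("45000028000140004006")   # ver/ihl, tos, len=40, id, flags, ttl=64, proto=6
    + b"\x00\x00"                             # header checksum (not validated here)
    + bytes([10, 0, 0, 1]) + bytes([192, 168, 1, 10])
    + b"\x00" * 20                            # TCP header bytes, not decoded here
)
TRUNCATED_FRAME = FULL_FRAME[:8]              # capture cut off inside the Ethernet header

if __name__ == "__main__":
    for name, f in (("full", FULL_FRAME), ("truncated", TRUNCATED_FRAME)):
        print(f"{name:9s} -> {summarize(decode_frame(f))}")
```

Run it directly to see one decoded line and one `[|ether]` line; the point is that the decoder's verdict depends only on how many bytes of each frame it was handed, which is why the answer's advice to capture whole packets with `-s0` and to inspect the raw bytes with `-X` is the right first check.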