Questions tagged [pcap]

PCAP stands for Packet CAPture.

PCAP is a file format for storing packet-based network data captures; .pcap is also the corresponding file type.

81 questions
2 votes, 0 answers

replay decrypted ssl traffic with tcpreplay

I have a pcap format from some https traffic from one of my web-servers. So I can use the key from my webserver to decrypt the traffic in wireshark. The problem I'm now facing is that I can't get an unencrypted pcap file from wireshark. I want to…
timmeyh
2 votes, 3 answers

How to capture contents of the first packet of TCP connections using tcpdump

I'm tasked with monitoring and debugging a SOAP web service, on network level. I can use tcpdump to capture the whole traffic coming from customers on port 80, but I can't limit the capture for every request to just the first received…
zaadeh
2 votes, 1 answer

Freeradius server is not accepting accounting packets through tcpreplay

I am running a FreeRADIUS server on system A. I am sending test accounting requests using radclient (radclient -x systemA acct testing123) from system B. I can see that the radius server received these requests from its debug logs. I had saved these…
woodstok
2 votes, 1 answer

How can I reconstruct session from pcap file?

I am trying to extract session level (flow level) information from my pcap trace file. I want to generate the following data for each line of session (flow): Flow_num, IP_Src, IP_Dst, Flow_start_time, Flow_Duration, Flow_type…
2 votes, 2 answers

Getting interface MTU under Linux with PCAP

I am interested in storing packets I sniff using PCAP. As I preallocate the memory I need - i.e. a multiple of the MTU of the interface I am sniffing from, I would like to discover how much memory I need before opening the live session. Is it…
ziu
2 votes, 2 answers

CLI tool for analyzing pcap captures

I am looking for a command line tool that will look at a capture file, tcpdump -w output, and give output equivalent to the information you get in the Wireshark conversations, and endpoint statistics. To give you a little background, I have the…
Zoredache
2 votes, 2 answers

pcap stream rotation and pruning

Some of my servers collect a lot of packet data. Is there a utility (or patch to tcpdump(1)) to log a pcap stream to disk which: rotates based on size of data written; prunes written files, keeping only the N most recent; does not re-use output…
pilcrow
2 votes, 3 answers

Good (free / open source) tools for analyzing TCP capture files?

I use Wireshark and Microsoft Network Monitor extensively, but I'm curious if there are other good (hopefully free / open source) software packages for analyzing TCP/IP traffic? I'm especially interested in forensic uses and analysis of network…
John Weldon
2 votes, 1 answer

Extracting TCP application data from pcap file

Given a .pcap (or similar) file, I'd like to select one TCP connection and dump both application data streams (the one from the other peer and the one to the other peer) into two separate files on disk. Let's assume that I have a .pcap file that…
Johannes Weiss
2 votes, 2 answers

Wireshark captures differ on two computers from the same port

I have a Windows XP machine running Wireshark, connected to a mirror port on a network. I'm capturing with no filtering, and it can only see half of some two-way TCP conversations. I had thought it was a mirror port issue on the switch, but I can…
bk.
1 vote, 0 answers

How do I convert text capture files back to pcap files?

I have opened Wireshark, selected the a.pcap file, and then went to File->Export and chose (K12 text file) to convert to text. The result is an a.txt file. How can I convert the a.txt file back to the original pcap file? I want to edit some time stamps in a.txt…
Vinod
1 vote, 2 answers

I have loopback traffic in Linux involving port 631 and I have no idea what is causing it

So I did some packet capturing in my network and everything else is actually fine except for this weird communication where source and destination are literally 127.0.0.1, source port is 631, and destination port is a continuously incrementing…
1 vote, 3 answers

(internal) Packet capture in a google cloud VPC network?

I have a VPC network set up in google cloud with a few instances running. One of these instances serves as a VPN machine, allowing me to interact with the instances from the internet. I want to capture traffic: From the internet to the VPC network.…
AleVe
1 vote, 0 answers

Slow VPN performance - TCP Issue?

I am having issues with the performance of a VPN, it is just one VPN in particular and I have captured the following PCAP from the server in question. My understanding is that the "Ack" field should be the "Seq" number of the packet it is…
1 vote, 1 answer

Replaying pcap file for Snort

I currently have the following, presumably standard, setup: I have a physical server with Snort running. Snort logs into its log files as it should. Those files are tracked by barnyard2 which writes the traffic to a database for Snorby. Snort and…
Roper