Questions tagged [pcap]

PCAP stands for Packet CAPture.

A pcap file (usually .pcap or .cap) stores raw network packets as captured from an interface: a global header giving the link-layer type and snapshot length, followed by one record per packet carrying a timestamp, the captured length and the original length. It is written and read by libpcap-based tools such as tcpdump and Wireshark, and the name also refers to the libpcap/WinPcap/Npcap capture library and its API. The newer pcapng format (Wireshark's default) is a different, block-based container.

81 questions
1 vote, 1 answer

Possible to dump sflow data to pcap format?

I want to get a packet capture from a Fortinet/FortiGate device, capturing all traffic on one of its interfaces. For that I have enabled sFlow and sent it to another ntopng server, but on ntopng, I am able to see the sFlow data, but is there…
Farhan
1 vote, 1 answer

Search all pcap files in a folder and sub-folders for a certain condition

I have a folder (containing many sub-folders) full of pcap files and I'd like to get all pcap files containing packets that match a certain condition, for example "have source IP 1.1.1.1". Do you know any tool that does that kind of search? I need…
1 vote, 2 answers

Is it possible to split PCAPs into multiple files based on simple criteria?

Is it possible to split PCAPs into multiple files based on simple criteria? Original.pcap {split on port 80}, which generates the following 2 files: all_port_80.pcap, everything_else.pcap. Or would it be easier to create multiple different tcpdumps…
tkrabec
1 vote, 1 answer

How to leave promiscuous mode in dnscap?

How to leave promiscuous mode in dnscap? dnscap -a makes no difference.
mr-euro
1 vote, 1 answer

Email server delivers one message, but not another. No errors

I have sent two messages, one from the local server, one from the production environment. The message from the local server goes through, but the production message does not. Both messages are identical in content. Logs on the server show both messages…
stoodfarback
1 vote, 1 answer

How to split a pcap per IRC channel

I wonder if there is a way to split a pcap that contains (only) IRC per channel. I'm trying to compare the accuracy of botnet detection in channels using existing IDSes (Suricata, Snort). The only way to check which IRC channel was detected seems…
preneond
1 vote, 0 answers

How can I capture traffic for a daemon listening on a cloned loopback IP address?

I have a daemon listening on a virtual IP address attached to a cloned loopback interface (lo1) on FreeBSD 11.x. Inbound traffic for that daemon could arrive on several different physical interfaces; however, running tcpdump on loopback only shows…
Alnitak
0 votes, 1 answer

Retrieve data from Wireshark (PCAPNG)

I have a PCAPNG file and I need to retrieve two files from it, one is a TXT and the other one is a PNG. The provided file does not have FTP-DATA; it only has ARP, DHCP, DNS, FTP, HTTP, IGMPv3, OCSP, SSDP, TCP, TLSv1.2, TLSv1.3 and UDP packets. This…
0 votes, 1 answer

Are the TCP RTO value and RTT value influenced by the packet size?

I am doing troubleshooting in my network. I found some retransmissions by using Wireshark. The 1400-byte segments are transmitted fine, but the 800-byte segments are lost and retransmitted. I know the RTO value is controlled by the RTT and its variance. My…
nimdrak
0 votes, 1 answer

Capture packets on loopback

I'm running a web service on my Windows 10 machine. I decided to look at the packets between my service and a client running on the same machine using Wireshark. I know that it is not possible to listen to packets on the same machine, but I found…
vico
0 votes, 1 answer

Filter pcap by subsecond detail?

I'm trying to export a subset of a pcap file given a start and an end message; this start and end message identification is currently done using ngrep on the raw data (because we have no dissector for the specific protocol). Ideally I would like to…
Kristofer
0 votes, 2 answers

Packet fragmentation confusion

I was playing around with dpkt in Python, trying to decode PPPoE, and the program was working just fine until I noticed that the Offset in the encapsulated IP packets was always 0, even with clearly fragmented packets. As can be seen, the server…
jcoppens
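The pcap container described in the tag summary, and several of the questions above (searching a set of pcap files for a source IP, splitting a capture on port 80 into two files, exporting a sub-second time window, and the IP fragment-offset confusion), can be served by one small reader/writer. The following is an added example written for this page; it is not code from any of the questions, from dpkt or from libpcap. It parses the global header (both byte orders, microsecond and nanosecond magic), decodes Ethernet/IPv4 just far enough to get addresses and ports (reading ports only from the first fragment, because the fragment offset is the low 13 bits of the flags/offset word and later fragments carry no TCP/UDP header), and writes matching and non-matching records out as two new pcap byte strings. The sample capture, its addresses, ports and timestamps are constructed inline; pcapng files are not handled.

```python
import socket
import struct

MAGIC_USEC, MAGIC_NSEC = 0xA1B2C3D4, 0xA1B23C4D   # pcap magic: microsecond / nanosecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR, RECORD_HDR = 24, 16


def parse_pcap(data):
    """Return (header, records). header keeps the raw global header, the byte order and
    the timestamp divisor implied by the magic; each record is (ts_sec, ts_frac, origlen,
    pkt) with ts_frac left as the integer the file stored (no float rounding)."""
    order = next((o for o in ("<", ">") if len(data) >= GLOBAL_HDR
                  and struct.unpack(o + "I", data[:4])[0] in (MAGIC_USEC, MAGIC_NSEC)), None)
    if order is None:
        raise ValueError("not a pcap file (too short or unknown magic)")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(order + "IHHiIII", data[:GLOBAL_HDR])
    header = {"raw": data[:GLOBAL_HDR], "order": order, "linktype": linktype,
              "snaplen": snaplen, "ts_div": 10**9 if magic == MAGIC_NSEC else 10**6}
    records, off = [], GLOBAL_HDR
    while off + RECORD_HDR <= len(data):
        ts_sec, ts_frac, caplen, origlen = struct.unpack(order + "IIII", data[off:off + RECORD_HDR])
        off += RECORD_HDR
        if off + caplen > len(data):
            raise ValueError("truncated record at offset %d" % (off - RECORD_HDR))
        records.append((ts_sec, ts_frac, origlen, data[off:off + caplen]))
        off += caplen
    return header, records


def write_pcap(header, records):
    """Serialize records after the original global header, in the same byte order."""
    body = (struct.pack(header["order"] + "IIII", s, f, len(p), o) + p for s, f, o, p in records)
    return header["raw"] + b"".join(body)


def decode(pkt, linktype=LINKTYPE_ETHERNET):
    """(src_ip, dst_ip, proto, sport, dport) for an Ethernet/IPv4 packet, else None.
    The fragment offset is the low 13 bits of the flags/offset word; only the first
    fragment (offset 0) carries the TCP/UDP header, so later fragments get no ports."""
    if linktype != LINKTYPE_ETHERNET or len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
        return None
    ihl = (pkt[14] & 0x0F) * 4
    proto, frag_off = pkt[23], struct.unpack("!H", pkt[20:22])[0] & 0x1FFF
    src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
    l4, sport, dport = 14 + ihl, None, None
    if proto in (6, 17) and frag_off == 0 and len(pkt) >= l4 + 4:
        sport, dport = struct.unpack("!HH", pkt[l4:l4 + 4])
    return src, dst, proto, sport, dport


def split_pcap(data, predicate):
    """Return (matching_pcap_bytes, everything_else_pcap_bytes); the predicate
    receives the parsed header and one record."""
    header, records = parse_pcap(data)
    hit = [r for r in records if predicate(header, r)]
    miss = [r for r in records if not predicate(header, r)]
    return write_pcap(header, hit), write_pcap(header, miss)


def by_decoded(test):
    """Predicate from a function over decode() output; non-IPv4 records never match."""
    return lambda header, rec: (d := decode(rec[3], header["linktype"])) is not None and test(*d)


def by_time(start, end):
    """start <= timestamp < end, both bounds as (seconds, nanoseconds) tuples, so
    microsecond and nanosecond files compare exactly without going through a float."""
    return lambda header, rec: start <= (rec[0], rec[1] * (10**9 // header["ts_div"])) < end


# --- constructed sample capture: synthetic frames and addresses, not real traffic ---
def tcp_frame(src, dst, sport, dport):
    """Ethernet/IPv4/TCP SYN with zeroed checksums; enough for header parsing."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 8192, 0, 0)


def make_pcap(records, order="<", magic=MAGIC_USEC):
    """Build a pcap file from (ts_sec, ts_frac, pkt) triples in the given byte order."""
    hdr = struct.pack(order + "IHHiIII", magic, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return hdr + b"".join(struct.pack(order + "IIII", s, f, len(p), len(p)) + p for s, f, p in records)


SAMPLE_RECORDS = [
    (1700000000, 100000, tcp_frame("10.0.0.5", "203.0.113.10", 40000, 80)),
    (1700000000, 250000, tcp_frame("1.1.1.1", "10.0.0.5", 53, 40001)),
    (1700000001, 500, tcp_frame("10.0.0.5", "10.0.0.9", 40002, 80)),
    (1700000002, 0, b"\xff" * 60),   # not IPv4, so decode() returns None
]
SAMPLE = make_pcap(SAMPLE_RECORDS)

FILTERS = {
    "port 80": by_decoded(lambda src, dst, proto, sport, dport: 80 in (sport, dport)),
    "src 1.1.1.1": by_decoded(lambda src, *rest: src == "1.1.1.1"),
    "t+0.2s..t+1s": by_time((1700000000, 200_000_000), (1700000001, 0)),
}


def demo(data=SAMPLE):
    """Run every filter over a capture; return {name: (matched, other)} record counts."""
    return {name: tuple(len(parse_pcap(part)[1]) for part in split_pcap(data, pred))
            for name, pred in FILTERS.items()}


if __name__ == "__main__":
    for name, (hit, miss) in demo().items():
        print("%-14s matched %d, other %d" % (name, hit, miss))
```

To answer the "search all pcap files in a folder" question with this, walk the tree with os.walk, run the same predicate over each file and report those whose matched count is non-zero. For captures of millions of records, turning parse_pcap into a generator and writing records as they match keeps memory flat; the header and record layout stay the same.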
0 votes, 1 answer

ngrep output format clarification

I am trying to debug a connection that has been appearing in my environment from an unknown server. I want to find a PID if it is associated with one. I tried "netstat -anp", but it doesn't find anything. But the connection is sporadic, so I tried…
JDS
0 votes, 1 answer

How can I export sFlow data to be saved as pcap on another server in real time?

I have a pfSense server; all attacks will come to its WAN interface. I have set up another packet analysis tool on a private network behind pfSense. I want to send real-time WAN traffic from the pfSense WAN to the backend private server, which is listening…
Farhan
0 votes, 0 answers

HTTP timing stats from TCP trace

I am trying to find a tool to extract HTTP timing stats from network traces, namely time to connect, time to first byte and total time to serve. I am talking about very large traces with millions of requests. Ideally I would like to generate Apache…
Azer H