Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
1 vote, 1 answer

Validate sent packets against received packets?

Running Ubuntu. I have machine A -> machine B (one-way connection from A to B). Machine A's goal is to forward TCP packets to machine B (it doesn't have a TCP connection with machine B; it just forwards TCP packets that it gets from other machines). In…
Avihai Marchiano
1 vote, 4 answers

Sniffing packets of specific binaries / apps / process id?

Is there a way to associate packets with executing binaries? I would be open to traditional sniffing methods or even dtrace for that matter. I have a specific issue on a system with very high traffic. Sniffing "all" packets and filtering them is…
ylluminate
1 vote, 1 answer

How to filter out "bad-len 0" packets with tcpdump?

When I listen on the internal network interface of a router on FreeBSD, I get output like this: 10:36:02.372026 IP 192.168.1.11.8888 > 192.168.1.2.49831: Flags [.], ack 1097, win 65050, length 0 10:36:02.374275 IP 46.163.78.160.123 > 192.168.1.2.32999:…
ibrahim
1 vote, 1 answer

PCAP to Syslog utility

I am looking for a tool which sniffs all the traffic on an interface and produces a syslog-like Cisco log in real time. Example: Feb 16 10:19:05 tcp S.S.S.S(6083) -> D.D.D.D(80), 1 packet Feb 16 10:19:07 tcp S.S.S.S(80) -> D.D.D.D(4662), 1 …
Dom
1 vote, 1 answer

Tcpdump says "Illegal instruction"

Following the tutorial on http://www.waitingforthefuture.org/2009/12/25/compiling-tcpdump-for-tomato-firmware/, I tried to compile tcpdump. I did the compilation on an Intel Pentium 4 2.26 GHz computer running Ubuntu 10.04. My router uses a BCM3302…
Dave
1 vote, 1 answer

Can't see traffic in my guest OS with tcpdump

I've created a virtual machine (CentOS 6.0) using QEMU/KVM, which is also running on a CentOS 6.0 host. The virtual machine is configured to have two NICs. The first NIC is using a bridged network (eth0 of the host) and the second NIC is also using a…
1 vote, 7 answers

Firewall blocks traffic - how to find out what ports / ip addresses are used by software?

Well, I get a "host was not accessible" error when trying to use a piece of software. I don't know which port they use nor which address they are trying to reach. Is there a more or less easy way to figure that out? I got a program called Wireshark, but the…
Toskan
1 vote, 1 answer

I'm being asked to support mapping many SSL keys to one IP but I think it's a bad idea. Am I wrong?

At work, I've been asked to add support for mapping multiple keys to a single (or many even) IP to what is essentially a passive HTTP sniffer. It supports SSL decryption with user-uploaded keys. Currently, it supports a one IP to one key mapping,…
sandroid
1 vote, 1 answer

How to save the packets received by a network interface or some port in a file and resend the packets received when needed?

I am doing my work on a server service program on Linux that processes the packets sent to the socket it listens on. There is already an old such service listening on the port doing its job, and I can't stop the old server service, and I need to get the…
king6cong
1 vote, 0 answers

tcpdump strange udp line

I've found a strange line in the tcpdump output. Normally UDP packets are dumped in the following form: timestamp IP srcaddress.port > dstaddress.port: UDP, length packetlength but this is just: timestamp IP srcaddress > dstaddress: udp note the…
Karoly Horvath
1 vote, 2 answers

Solaris VM Experiencing Frequent Timeouts

We are having an issue with all of our Solaris VMs. The issue we're seeing is frequent timeouts when connecting via SSH or HTTP. It only seems to affect initial connections... when I connect via SSH it will hang and time out before I even get…
Derek Ivey
1 vote, 1 answer

TCP stops sending weirdly

To find out the cause of TCP retransmits on my Linux (RHEL, kernel 2.6.18) servers connecting to the same switch, I had a client-server pair send "Hello" to each other every 200 µs and captured the packets with tcpdump on the client machine.…
Utoah
1 vote, 2 answers

PPTP traffic logging

I am running pptpd on a CentOS 5 machine but I didn't set up any logging. In case of an abuse, I need to determine which of my users did the bad things, meaning I need to log all the traffic. I may have up to 20 users which will use the VPN…
jon
1 vote, 3 answers

How to collect concise traffic statistics on Linux?

I need to have statistics divided by time periods, like this: time_1 - time_1 + 5mins from_ip1 > to_ip2 total_packages_size1 from_ip3 > to_ip4 total_packages_size2 time_1 + 5mins - time_1 + 10mins from_ip1 > to_ip2 total_packages_size3 from_ip5…
Roman
1 vote, 3 answers

Dropped packets in Linux

I'm using a machine as a router. It works sort of fine; however, if I do a ping -t whatever.server it will always cause a 3-4% package loss, no matter what server. Looking at ifconfig or netstat -i shows no errors whatsoever. What are some of the…
Anders