tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.
Questions tagged [tcpdump]
466 questions
1 vote · 4 answers
How to block packets after capturing?
I use tcpdump to capture output packets for one server, but I also need to block these packets.
If I use iptables to block them, then I also cannot capture anything.
Can I block packets with iptables and still capture the packets before they are…

larry
- 4,037
- 9
- 36
- 42
1 vote · 2 answers
TCPDUMP = How to detect and analyse "Suspicious" Traffic to 192.xxx Addresses?
I just played a little bit with tcpdump (as I wanted to check why my mails are not getting sent) and thereby discovered a lot of very strange traffic to the "Private IPs". Please see examples below:
05:11:23.639588 IP my.host.com.52822 >…

jens
- 1,001
- 1
- 10
- 10
1 vote · 1 answer
tcpdump not giving details
Why does tcpdump not give me more details? Each time it only comes out as - 16:22:26.128541 [|ether]
# ./tcpdump -vv not port 22
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:22:26.128541 [|ether]
16:22:26.128541…

veccy
- 111
- 1
1 vote · 3 answers
tcpdump syntax for only capturing traffic coming to a specific virtual interface / local IP
CentOS 5.x
I need to collect a packet capture of https requests going to a specific IP address / virtual interface. Is there a specific switch/parameter for tcpdump that will allow that? The other IPs receive a lot of traffic so I'd prefer to not…

Mike B
- 11,871
- 42
- 107
- 168
1 vote · 2 answers
Why Packet Loss AFTER tcpdump has logged the packet?
We encounter some strange packet loss and want to know the reason for this.
We have an imageserver and a server for stressing the imageserver.
Both are located in the same datacenter
First we run a load test like this (command shortened for…

Janning
- 1,421
- 2
- 21
- 38
1 vote · 2 answers
Question about tcpdump
On this link I found some information about the use of tcpdump.
But can you give me more information about the example shown on that page:
tcpdump -s 128 -vvv -T rtcp src orac and port 57393
11:58:52.027102 orac.erg.abdn.ac.uk.1053 > 224.2.156.220.57393:…

user48058
- 863
- 3
- 12
- 20
1 vote · 2 answers
How can I capture traffic with tcpdump and a sliding window or sort of "logrotate"?
I want to capture some traffic with tcpdump for troubleshooting. The problem is, the error is not reproducible. To avoid filling up the whole disk with captures, I would like to capture the traffic with some sort of sliding window.
Let's say I write the…

Christian
- 4,703
- 2
- 24
- 27
1 vote · 1 answer
Running Job and Paused Job Writing to the same File
So I ran tcpdump twice overnight by accident, both outputting to the same file. However, I ran them as jobs and one of them has been paused the whole time. Anyone have any recommendations on how to keep the file? So far I have thought of:
kill -9…

Kyle Brandt
- 83,619
- 74
- 305
- 448
1 vote · 1 answer
Why do UDP packets generated by Linux running in a virtual machine have defective UDP checksums?
I've set up some interconnected qemu VMs to test out port forwarding rules. For now, my current blocker is much simpler and has nothing to do with port forwarding. When I send a UDP packet from a go program through the Linux OS, it is flagged as…

maurice77
- 13
- 3
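Why a capture taken on the sending host shows bad UDP checksums, as an added example that is not part of the question or of any answer: tcpdump's tap sits before the NIC (or, in a VM, the emulated or virtio device) fills in an offloaded checksum, so the field tcpdump sees on the sender is not the one that goes on the wire. The script below computes the RFC 768 checksum over the IPv4 pseudo-header and compares it with the field in a constructed packet; the same packet captured on the receiver, or on a sender after `ethtool -K <dev> tx off`, verifies. Addresses, ports, payload and the stand-in "offloaded" checksum value are constructed sample data, not taken from the question.

```python
import struct


def ones_complement_sum(data: bytes) -> int:
    """RFC 1071 one's-complement sum of 16-bit big-endian words (odd trailing byte padded with zero)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(word for (word,) in struct.iter_unpack("!H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum_ipv4(src: bytes, dst: bytes, udp: bytes) -> int:
    """RFC 768 checksum: IPv4 pseudo-header + UDP header (checksum field zeroed) + payload."""
    pseudo = src + dst + struct.pack("!BBH", 0, 17, len(udp))   # zero byte, protocol 17, UDP length
    cleared = udp[:6] + b"\x00\x00" + udp[8:]
    cs = 0xFFFF ^ ones_complement_sum(pseudo + cleared)          # one's complement of the sum
    return cs or 0xFFFF                      # an all-zero result is sent as 0xFFFF; 0 means "no checksum"


def build_ipv4_udp(src: bytes, dst: bytes, sport: int, dport: int, payload: bytes, cksum: int) -> bytes:
    """Minimal IPv4+UDP packet with a caller-chosen UDP checksum (IP header checksum left at 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), cksum) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0, src, dst)
    return ip + udp


def check_udp_checksum(packet: bytes) -> str:
    """Return 'ok', 'none' (sender sent 0) or 'bad (got 0x.., want 0x..)' for one IPv4/UDP packet."""
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 17:
        raise ValueError("not UDP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = packet[12:16], packet[16:20]
    udp = packet[ihl:total_len]
    got = struct.unpack("!H", udp[6:8])[0]
    if got == 0:
        return "none"
    want = udp_checksum_ipv4(src, dst, udp)
    return "ok" if got == want else f"bad (got 0x{got:04x}, want 0x{want:04x})"


# Constructed sample: 10.0.0.1:12345 -> 10.0.0.2:53, payload "hi".
SRC, DST = bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])
GOOD_CKSUM = udp_checksum_ipv4(SRC, DST, struct.pack("!HHHH", 12345, 53, 10, 0) + b"hi")
ON_WIRE = build_ipv4_udp(SRC, DST, 12345, 53, b"hi", GOOD_CKSUM)
# What a capture on the sending VM shows with tx checksum offload: the field holds whatever the
# stack left there for the device to finish. 0x1234 is a stand-in, not Linux's real partial value.
AS_CAPTURED_ON_SENDER = build_ipv4_udp(SRC, DST, 12345, 53, b"hi", 0x1234)

if __name__ == "__main__":
    print("receiver view:", check_udp_checksum(ON_WIRE))                 # ok
    print("sender view  :", check_udp_checksum(AS_CAPTURED_ON_SENDER))   # bad (got 0x1234, want 0x5300)
```

The practical check is the same as what `tcpdump -vv` does when it prints "bad udp cksum": if the complaint only appears in captures taken on the sender and never on the receiver, it is offload, not corruption. `ethtool -k <dev>` shows whether tx checksumming is on.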
1 vote · 1 answer
IPv6 port scanners hang after scanning a closed port
I am testing nftables firewall rules using two virtual machines, one with the active firewall and one that tries to connect to it.
For example with netcat and no firewall:
nc -6 fe80::9d08:b3e2:47fa:2935%ens33
responds successfully with…

stmas
- 11
- 1
1 vote · 0 answers
What is the key file for ssldump?
I searched Google for a tool to decode https traffic and found ssldump with examples like:
ssldump -k xxx.pem -i eth0 -d host example.com
I wonder what the key file xxx.pem is. On the server hosting example.com, the file is what is specified by…

peter
- 93
- 13
1 vote · 1 answer
Client TCP segments arrive in batches
The scenario is the following: a WebSocket server and clients exchange messages at some pace (like 40-50 times in a second). However, for one client, once in a few minutes I'm observing that there is a 5-second (always the same span) period, when…

tonso
- 111
- 4
1 vote · 0 answers
Why is TCP doing RTO based retransmits (200ms+ wait) vs other fast-retransmission mechanisms?
(Trying this forum after the question was deemed off-topic for Stack Overflow & Network Engineering)
I am investigating an issue where we see occasional 200ms+ spikes in a simple tcp client/server application. These spikes are always in 200ms -…

RandomQuestion
- 111
- 2
1 vote · 1 answer
Duplicate tcpdump output in cooked capture mode from bridge interfaces
I'm working with a system that has multiple bridge interfaces. I would like to monitor traffic on multiple interfaces, but tcpdump is capturing from both the master interface and its identical bridge, resulting in duplicate output for the same…

forest
- 462
- 3
- 13
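Deduplicating a cooked capture that includes several members of one bridge, as an added example that is not part of the question or of any answer: `tcpdump -i any` (Linux cooked capture) records a frame once on the slave and once on the bridge master, with identical bytes above the link header a few microseconds apart. The function below keeps the first copy and drops later identical payloads that fall inside a short time window, the same idea as `editcap -d` / `editcap -D`. The record tuples, interface names and packet bytes are constructed sample data; when only the bridge's aggregate traffic matters, `-i br0` alone avoids the duplicates at the source.

```python
from collections import deque
from typing import Iterable, List, Tuple

# (timestamp in microseconds, interface name, bytes after the link-layer header)
Record = Tuple[int, str, bytes]


def dedup_bridge_capture(records: Iterable[Record], window_us: int = 1000, depth: int = 5):
    """Keep the first copy of each packet; drop later records whose bytes are identical to a kept
    copy seen within window_us, looking back at most `depth` kept packets (cf. editcap -d / -D).
    Returns (kept, dropped)."""
    recent: deque = deque(maxlen=depth)      # (timestamp, payload) of recently kept packets
    kept: List[Record] = []
    dropped: List[Record] = []
    for rec in records:
        ts, _iface, payload = rec
        is_dup = any(p == payload and 0 <= ts - t <= window_us for t, p in recent)
        if is_dup:
            dropped.append(rec)
        else:
            kept.append(rec)
            recent.append((ts, payload))
    return kept, dropped


# Constructed sample from `tcpdump -i any` on a bridge: each frame is recorded twice, on the slave
# (eth0) and on the master (br0), microseconds apart. The last record is a genuine retransmission
# two seconds later and must survive. The bytes are constructed IPv4 headers, just distinct payloads.
PKT_A = bytes.fromhex("4500003c00000000401100000a0000010a000002")
PKT_B = bytes.fromhex("4500003c00000000400600000a0000020a000001")
SAMPLE: List[Record] = [
    (1_000, "eth0", PKT_A), (1_030, "br0", PKT_A),
    (1_500, "br0", PKT_B), (1_520, "eth0", PKT_B),
    (2_001_000, "eth0", PKT_A),
]


def summarize(records: Iterable[Record] = SAMPLE):
    """Return (kept count, dropped count, interfaces the dropped copies were seen on)."""
    kept, dropped = dedup_bridge_capture(records)
    return len(kept), len(dropped), [iface for _, iface, _ in dropped]


if __name__ == "__main__":
    print(summarize())   # (3, 2, ['br0', 'eth0'])
```

The window matters: make it too wide and a real retransmission or a second identical probe gets eaten, which is exactly the kind of event a capture is usually kept for, so tune it to the bridge's forwarding delay rather than to "a second".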
1 vote · 0 answers
dhcp-relay cannot receive DHCPOFFER packet from DHCP server in shared network
I'm using the dnsmasq service as a DHCP server. I have a bridged interface per node named br0 that has two ip addresses assigned to it. One is the public IP address and the other one is considered the internal network.
I have two nodes and their…