Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
Trouble filtering DNS responses with tcpdump (1 vote, 1 answer)

I'm having trouble with tcpdump. I want to only capture DNS packets that are responses containing authoritative responses with a single RR that is 0.0.0.0. For example I want to only capture packets like this: root@OpenWrt:~# tcpdump -XKvvv 'udp…

Asked by owrtbro

How to figure out what is bad about a 400 Bad Request on an Apache server (1 vote, 0 answers)

The overarching question: how do I see what is 'bad' about a 400 Bad Request? Info about the error: when I click around the WordPress backend, between 3 and 7 requests (out of 95-100) give me a 400 Bad Request error upon every page load.…

Asked by Zeth

TCPDUMP order of operations: exclude and include (1 vote, 1 answer)

Trying to look at multicast traffic, so I created a filter to monitor the range, then began to slowly add statements to exclude things not relevant but didn't get the expected results. Do you do the opposite when writing, so put narrow excluding…

Asked by Gr4cchus

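
The behaviour behind this question is the operator precedence of the pcap-filter grammar tcpdump compiles: `not` binds tightest, then `and`, then `or`, so `net 224.0.0.0/4 and not host 10.0.0.1 or host 10.0.0.2` is read as `(net 224.0.0.0/4 and not host 10.0.0.1) or host 10.0.0.2`, and the trailing `or` re-admits everything involving 10.0.0.2, multicast or not. The following is an added example, not code from the post: a small recursive-descent evaluator for a subset of the filter syntax (host, net, port, udp, tcp, and/or/not, parentheses) with the same precedence, run over four constructed packets, so the two groupings can be compared side by side. The packet records and the address values are made up for the demonstration.

```python
import ipaddress
import re

# Constructed packets standing in for a multicast capture; a real run would take
# these from a pcap. Only the fields the filter subset needs are kept.
PACKETS = [
    {"src": "10.0.0.1", "dst": "239.1.1.1",   "proto": "udp", "sport": 5000,  "dport": 5353},
    {"src": "10.0.0.2", "dst": "239.1.1.1",   "proto": "udp", "sport": 5000,  "dport": 5353},
    {"src": "10.0.0.3", "dst": "239.1.1.1",   "proto": "udp", "sport": 5000,  "dport": 5353},
    {"src": "10.0.0.2", "dst": "192.168.1.9", "proto": "tcp", "sport": 44444, "dport": 443},
]

TOKEN_RE = re.compile(r"\(|\)|[^\s()]+")


class FilterParser:
    """Recursive descent over a subset of pcap-filter(7):
         or_expr  := and_expr ('or' and_expr)*
         and_expr := not_expr ('and' not_expr)*
         not_expr := 'not' not_expr | primary
         primary  := '(' or_expr ')' | 'udp' | 'tcp' | 'host' A | 'net' A/M | 'port' N
       'not' binds tightest, then 'and', then 'or', as in tcpdump, so
       'A and not B or C' means '(A and not B) or C'."""

    def __init__(self, expr):
        self.toks = TOKEN_RE.findall(expr)
        self.i = 0

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def parse(self):
        tree = self.or_expr()
        if self.peek() is not None:
            raise ValueError("trailing tokens: %r" % self.toks[self.i:])
        return tree

    def or_expr(self):
        left = self.and_expr()
        while self.peek() == "or":
            self.take()
            left = ("or", left, self.and_expr())
        return left

    def and_expr(self):
        left = self.not_expr()
        while self.peek() == "and":
            self.take()
            left = ("and", left, self.not_expr())
        return left

    def not_expr(self):
        if self.peek() == "not":
            self.take()
            return ("not", self.not_expr())
        return self.primary()

    def primary(self):
        tok = self.take()
        if tok == "(":
            inner = self.or_expr()
            if self.take() != ")":
                raise ValueError("expected ')'")
            return inner
        if tok in ("udp", "tcp"):
            return ("proto", tok)
        if tok in ("host", "net", "port"):
            return (tok, self.take())
        raise ValueError("unsupported primitive %r" % tok)


def matches(tree, pkt):
    """Evaluate a parsed tree against one packet; host/net/port match either direction."""
    op = tree[0]
    if op == "or":
        return matches(tree[1], pkt) or matches(tree[2], pkt)
    if op == "and":
        return matches(tree[1], pkt) and matches(tree[2], pkt)
    if op == "not":
        return not matches(tree[1], pkt)
    if op == "proto":
        return pkt["proto"] == tree[1]
    if op == "host":
        return tree[1] in (pkt["src"], pkt["dst"])
    if op == "net":
        net = ipaddress.ip_network(tree[1], strict=False)
        return any(ipaddress.ip_address(a) in net for a in (pkt["src"], pkt["dst"]))
    if op == "port":
        return int(tree[1]) in (pkt["sport"], pkt["dport"])
    raise ValueError(op)


def matching_sources(expr, packets=PACKETS):
    """Source addresses of the packets that pass `expr`, in capture order."""
    tree = FilterParser(expr).parse()
    return [p["src"] for p in packets if matches(tree, p)]


if __name__ == "__main__":
    # Same primitives, different grouping: only the first form lets the tcp packet through.
    for expr in ("net 224.0.0.0/4 and not host 10.0.0.1 or host 10.0.0.2",
                 "net 224.0.0.0/4 and not (host 10.0.0.1 or host 10.0.0.2)"):
        print("%-58s -> %s" % (expr, matching_sources(expr)))
```

The practical rule that falls out of this: keep the include clause first, put every exclusion inside one parenthesised `not ( ... )`, and check what tcpdump actually compiled with `tcpdump -d '<filter>'` before trusting a long expression.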
tcpdump output has a different hostname (1 vote, 1 answer)

Sorry in advance for the simple question, but I'm trying to educate myself on tcpdump and networks. I'm tracing all traffic going to a certain host with tcpdump -SX -i any dst host host.site.com However, in the tcpdump output I see a different…

Asked by Denver123

How to find the Linux user that sent the packet (1 vote, 1 answer)

Our server is compromised and we would like to know which accounts sent the malicious queries from our server. I used tcpdump to get this: our.host.net.48194 > box5596.bluehost.com.http: Flags [P.], cksum 0x0bf8 (incorrect -> 0x5061), seq 0:741,…

Asked by SmootQ

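
A capture only records addresses and ports; the owning account lives in the kernel's socket table. On Linux, /proc/net/tcp lists every TCP socket with its local endpoint, state, owning uid and inode, so the local port seen in the capture (48194 above) can be mapped to a uid while the connection still exists, and the inode to a pid via /proc/<pid>/fd. The following is an added example, not code from the post or its answer: a parser for the /proc/net/tcp format run over a constructed snapshot (the addresses 203.0.113.10 and 198.51.100.20, the uid 33 and the inode numbers are made up), plus the inode-to-pid lookup for use on a live host.

```python
import os
import socket

# Constructed /proc/net/tcp snapshot (not real data). Row 1 is the socket that
# tcpdump showed as our.host.net.48194 > <web host>.http; row 2 is a TIME_WAIT
# leftover, which the kernel reports with uid 0 and inode 0 (no owner any more).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A7100CB:BC42 146433C6:0050 01 00000000:00000000 00:00000000 00000000    33        0 98765 1 0000000000000000 20 4 30 10 -1
   2: 0A7100CB:D431 146433C6:0050 06 00000000:00000000 03:00000F5A 00000000     0        0 0 3 0000000000000000
"""

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
              "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
              "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING"}


def decode_endpoint(field):
    """'AABBCCDD:PPPP' -> (dotted IPv4, port). The kernel prints the address in host
    byte order; the snapshot above is from a little-endian host (x86), so the four
    bytes are reversed here. The port is printed big-endian."""
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1]), int(port_hex, 16)


def parse_proc_net_tcp(text):
    rows = []
    for line in text.splitlines()[1:]:            # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({
            "local": decode_endpoint(f[1]),
            "remote": decode_endpoint(f[2]),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]),
            "inode": int(f[9]),
        })
    return rows


def socket_for_local_port(text, port):
    """Row for the live socket bound to `port`, or None. TIME_WAIT rows are skipped:
    they carry no owner, which is what you get once the process has closed it."""
    for row in parse_proc_net_tcp(text):
        if row["local"][1] == port and row["state"] != "TIME_WAIT":
            return row
    return None


def pid_for_inode(inode):
    """Map a socket inode to the PID holding it by scanning /proc/<pid>/fd (Linux only;
    reading other users' fd tables needs root)."""
    target = "socket:[%d]" % inode
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            for fd in os.listdir("/proc/%s/fd" % pid):
                if os.readlink("/proc/%s/fd/%s" % (pid, fd)) == target:
                    return int(pid)
        except OSError:        # process exited or fd table not readable
            continue
    return None


if __name__ == "__main__":
    row = socket_for_local_port(SAMPLE_PROC_NET_TCP, 48194)
    print("uid %d owns %s:%d -> %s:%d (%s)" % (row["uid"], *row["local"], *row["remote"], row["state"]))
    # Live host: row = socket_for_local_port(open("/proc/net/tcp").read(), 48194), then
    # pid_for_inode(row["inode"]) and /proc/<pid>/cmdline name the process.
```

The lookup only works while the socket exists, which for a short HTTP POST can be under a second; for an ongoing compromise, log the owner at the time of sending instead (iptables' LOG target with --log-uid, or auditd rules on connect()), and keep the tcpdump capture as the timeline to correlate against.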
tcpdump: filtering out localhost, packets show up anyway? (1 vote, 0 answers)

I'm trying to use tcpdump to explore what on my computer talks with whom on the world wide web. I've come this far as of yet: lan_hosts="(hosts || to || exclude)" local_hosts="(127.0.0.1 || ips_of_my_nics || localhost ||…

Different length between ping and tcpdump (1 vote, 1 answer)

I do not know why I am not able to see under tcpdump the correct length value, which should be $((9706-28)) = 9678, but I see 9686. On both sides there is an MTU set to 9706, which is the maximum value for the interface I am using. I run the command: ping -D -s…

Asked by sqr

How to split a pcap per IRC channel (1 vote, 1 answer)

I wonder if there is a way to split a pcap that contains (only) IRC per channel. I'm trying to compare the accuracy of botnet detection in channels using existing IDSs (Suricata, Snort). The only way to check which IRC channel was detected seems…

Asked by preneond

Forwarded packets are received by the namespace's veth0 but not by the application (1 vote, 1 answer)

I use libtins (it uses pcap) to capture link-layer packets and forward them to a network namespace where the actual application runs. Client (Browser) -> Server -> Pcap -> Pcap Send -> br0 (Bridge) -> Namespace -> Application. Now, I see that the…

Asked by sqlbie

tcpdump can't open file: permission denied (Linux) (1 vote, 2 answers)

I set all filters for tcpdump in a config file, but when I run this command: sudo tcpdump -i any -w "./mypcap.pcap" -F "myfilters.txt" I get permission denied, although my file has rwx for user, group, and others. What am I doing wrong?

Asked by Furin

Display delta timestamp and UDP data payload with tcpdump/tshark (1 vote, 2 answers)

I have a 1.5 GB capture of small UDP packets that I would like to turn into a CSV with just the timestamp and the UDP payload data in hex format. An example of the desired output would be as follows: % head Data3.txt…

Asked by M.E.

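
The task above is a straight walk over the classic pcap container: a 24-byte global header whose magic number gives the byte order and timestamp precision (0xa1b2c3d4 for microseconds, 0xa1b23c4d for the nanosecond variant tcpdump writes with --time-stamp-precision=nano), then per-record headers of seconds, fraction, captured length and original length, each followed by the frame. The following is an added example, not code from the post or either answer: a dependency-free reader that decodes Ethernet/IPv4/UDP, emits timestamp, delta to the previous UDP packet and payload hex as CSV, and handles both byte orders and both precisions. The three-packet capture it runs on is constructed inline by a small writer; the addresses, ports and payload bytes are made up.

```python
import csv
import io
import socket
import struct

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # nanosecond variant (tcpdump --time-stamp-precision=nano)
LINKTYPE_ETHERNET = 1


def _ipv4_checksum(header):
    s = sum(struct.unpack("!10H", header))
    s = (s >> 16) + (s & 0xFFFF)
    return (~(s + (s >> 16))) & 0xFFFF


def build_udp_frame(src, dst, sport, dport, payload):
    """Constructed Ethernet/IPv4/UDP frame (UDP checksum 0 is permitted over IPv4)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", _ipv4_checksum(ip)) + ip[12:]
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + udp


def build_pcap(records, nanos=False):
    """records: (sec, fraction, frame), fraction in microseconds (nanoseconds if nanos). Little-endian."""
    magic = PCAP_MAGIC_NSEC if nanos else PCAP_MAGIC_USEC
    out = [struct.pack("<IHHiIII", magic, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for sec, frac, frame in records:
        out.append(struct.pack("<IIII", sec, frac, len(frame), len(frame)) + frame)
    return b"".join(out)


def iter_pcap(data):
    """Yield (timestamp_ns, frame) per record; byte order and precision come from the magic."""
    endian, magic = "<", struct.unpack("<I", data[:4])[0]
    if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        endian, magic = ">", struct.unpack(">I", data[:4])[0]
    if magic not in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    scale = 1 if magic == PCAP_MAGIC_NSEC else 1000
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are decoded here")
    off = 24
    while off + 16 <= len(data):
        sec, frac, incl, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield sec * 1_000_000_000 + frac * scale, data[off:off + incl]
        off += incl


def udp_payload(frame):
    """(src, sport, dst, dport, payload) for an IPv4/UDP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        return None
    udp_off = 14 + (frame[14] & 0x0F) * 4          # honour IP options via IHL
    sport, dport, ulen, _ = struct.unpack("!HHHH", frame[udp_off:udp_off + 8])
    # Slice by the UDP length, not the frame end: short frames carry Ethernet padding.
    payload = frame[udp_off + 8:udp_off + max(ulen, 8)]
    return socket.inet_ntoa(frame[26:30]), sport, socket.inet_ntoa(frame[30:34]), dport, payload


def pcap_to_rows(data):
    """One row per UDP packet: absolute timestamp, delta to the previous UDP packet, payload hex."""
    rows, prev = [], None
    for ts_ns, frame in iter_pcap(data):
        parsed = udp_payload(frame)
        if parsed is None:
            continue
        delta_ns = 0 if prev is None else ts_ns - prev
        prev = ts_ns
        rows.append({"timestamp": "%d.%09d" % divmod(ts_ns, 1_000_000_000),
                     "delta": "%d.%09d" % divmod(delta_ns, 1_000_000_000),
                     "payload_hex": parsed[4].hex()})
    return rows


def pcap_to_csv(data):
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["timestamp", "delta", "payload_hex"])
    writer.writeheader()
    writer.writerows(pcap_to_rows(data))
    return buf.getvalue()


# Constructed three-packet capture used as sample input.
SAMPLE_PCAP = build_pcap([
    (1700000000, 0,      build_udp_frame("10.0.0.1", "10.0.0.2", 5000, 6000, b"\x01\x02\x03")),
    (1700000000, 250,    build_udp_frame("10.0.0.1", "10.0.0.2", 5000, 6000, b"\xde\xad\xbe\xef")),
    (1700000001, 100000, build_udp_frame("10.0.0.1", "10.0.0.2", 5000, 6000, b"\xff")),
])

if __name__ == "__main__":
    print(pcap_to_csv(SAMPLE_PCAP), end="")
    # Real use: pcap_to_csv(open("capture.pcap", "rb").read())
```

For a 1.5 GB file, feed iter_pcap a memory-mapped file rather than a bytes object so the slices do not copy the whole capture, and apply a capture filter (udp) when recording so the reader never has to skip non-UDP frames. The delta here is between consecutive UDP packets, which is what tshark's frame.time_delta_displayed gives when a display filter is in effect, not frame.time_delta.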
Re-routing DNS queries with iptables properly without resolv.conf (1 vote, 1 answer)

I run a custom DNS service on 127.0.0.1:53 and I don't just want all queries to go through it, I also want only that service to respond back. Which is where the problem arises. My NAT iptables setup: iptables -t nat -A OUTPUT -p tcp --dport 53 -j…

Asked by Kirikan

tcpdump not capturing packets but Apache log shows the request (1 vote, 0 answers)

I'm trying to debug a client-side JavaScript application that sends an XMLHttpRequest to a PHP script, but I don't get any output from tcpdump when this happens. Apache logs the request; the script itself throws an error because there were no POST or…

Asked by Version7

Does tcpdump guarantee packet integrity? (1 vote, 0 answers)

In normal use of tcpdump without any parameters, does it guarantee it? tcpdump -i eth0 -w file.pcap When using tcpdump rotating by time with the -G parameter, does it guarantee it? tcpdump -i eth0 -w file.pcap -G 60 In both cases, throughput is approx. 1 Gbit

Asked by hakansel05

Why is one packet of the four-way handshake missing with the command nc (0 votes, 1 answer)

I'm using the command nc to simulate a TCP connection with a client and a server. I execute the command nc -l 1234 and tcpdump -i eth0 port 1234 at the server and I execute the command nc IP_OF_SERVER 1234 at the client. Then I type abcd and a…

Asked by Yves