tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.
Questions tagged [tcpdump]
466 questions
14 votes, 4 answers
tcpdump increases udp performance
I'm running a set of load tests to determine the performance of the following setup:
Node.js test suite (client) --> StatsD (server) --> Graphite (server)
In short, the Node.js test suite sends a set amount of metrics every x seconds to a StatsD…

Ruben Homs
- 149
- 7
14 votes, 2 answers
Lots of dropped packages when tcpdumping on busy interface
My challenge
I need to do tcpdumping of a lot of data - actually from 2 interfaces left in promiscuous mode that are able to see a lot of traffic.
To sum it up
Log all traffic in promiscuous mode from 2 interfaces
Those interfaces are not assigned…

Frands Hansen
- 4,657
- 1
- 17
- 29
13 votes, 1 answer
SynProxy can not return syn ack packets with asymmetric dual bridge topology
I have an asymmetric dual bridge topology as shown below.
When I connect from 172.16.11.5 and 172.16.10.6 with ssh,
I cannot connect because of SynProxy.
-------
| |
---o--- 172.16.11.5
…

nyzsirt
- 156
- 7
13 votes, 1 answer
tcpdump: How do I use it to capture all traffic headers?
I'm quite new to tcpdump. I've never used it except for very trivial tasks.
Recently, I was asked to complete the following job.
What I have: A server with a network interface connected to a switch. All traffic on that switch would be mirrored to…

Haozhun
- 267
- 2
- 5
- 10
13 votes, 3 answers
tcpdump: capture one of several vlans
I want tcpdump to capture VLAN 1000 or VLAN 501. man pcap-filter says:
The vlan [vlan_id] expression may be used more than once, to filter on VLAN hierarchies. Each use of that expression increments the filter offsets by 4.
When I do:
tcpdump…

bstpierre
- 431
- 1
- 3
- 14
12 votes, 2 answers
How to send captured packets to a different destination?
I have some data packets captured using tcpdump in a pcap file. Now I want to send those packets to another destination. How can I achieve this?

Lakal Malimage
- 486
- 1
- 4
- 10
12 votes, 2 answers
Filter tcpdump file AFTER capturing
I captured a really big tcpdump file which now always crashes my Wireshark. It was captured with no filters and I need to apply some afterwards to make the file smaller.
Is this somehow possible?

Zulakis
- 4,153
- 14
- 48
- 76
11 votes, 5 answers
Determine originating process for outbound traffic
I can see that my server is sending out a lot of traffic. If I go to netstat -apln | grep httpd I can see that all the traffic is going to one IP.
Is there a way I can see what script / file is being used to send the data to that IP? Or any IP in…

user2078802
- 111
- 1
- 1
- 5
11 votes, 4 answers
Packet loss rate with iperf and tcpdump
I tested a line for its link quality with iperf. The measured speed (UDP port 9005) was 96Mbps, which is fine, because both servers are connected with 100Mbps to the internet. On the other hand the datagram loss rate was shown to be 3.3-3.7%, which…

stefita
- 113
- 1
- 1
- 7
11 votes, 2 answers
tcpdump filter that excludes private ip traffic
For a generic filter to exclude all traffic in my dump that is between private IP addresses, I came up with the following:
sudo tcpdump -n '
(not
(
(src net 172.16.0.0/20 or src net 10.0.0.0/8 or src net 192.168.0.0/16)
and
…

Kyle Brandt
- 83,619
- 74
- 305
- 448
9 votes, 2 answers
tcpdump capture new connections only
I am using tcpdump to capture traffic from a specific IP address.
Is it possible to capture new connections only, meaning TCP streams that start with a SYN packet?

Ania Katzenelson
- 91
- 1
- 1
- 2
9 votes, 2 answers
Packet captures: filtering on RX vs TX
I have a network problem where frames with a source MAC which matches with one of my host's source MACs are arriving at the host - an apparent duplicate MAC, or loop, or other L2 problem.
I believe this is the situation because the MAC tables (CAM…

Joshua Miller
- 1,378
- 2
- 11
- 14
9 votes, 2 answers
Why doesn't the echo request show in tcpdump?
I have two network segments connected using an IPSEC-VPN tunnel:
NET#1: a.b.0.0/16 with LAN gateway a.b.0.1
NET#2: x.y.0.0/16 with LAN gateway x.y.130.1
I initiated a ping from a.b.0.1 to x.y.130.100 and started a tcpdump. The latter shows echo…

Younes
- 233
- 2
- 6
8 votes, 2 answers
tcpdump dns output codes
Captured on the nameserver:
21:54:35.391126 IP resolver.7538 > server.domain: 57385% [1au] A? www.domain.de. (42)
What does the percent sign in 57385% mean? As far as I can see, 57385 is the client's sequence number; a plus would mean the RD bit is set.…

tim
- 1,217
- 3
- 11
- 23
8 votes, 3 answers
Why won't tcpdump write a pcap file?
In the process of debugging a python irc bot that can't seem to connect, I thought "I know, I'll just tcpdump it and see what it's doing." So I ran tcpdump like I usually do and it says it's captured packets, but doesn't actually write the cap…

akraut
- 311
- 1
- 3
- 17