Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions

Tcpdump logfile

The thing is, I am trying to transfer a log file from one server to another, dividing it by size. I have a dump such as: tcpdump -i any tcp x.x.x.x -s 0 -G 86400 -w /var/log/%F.zip Questions are: The output file released every 24 hours will be huge and I…

Sending tcpdump/pcap files to a remote server

I want to get all traffic on an embedded system, using tcpdump. I will send those files via sftp or ssh to my server. Can it happen that tcpdump "sees" the transfer of the pcap files to my server? This would result in an unwanted recursive transfer…
Standard

Strange (mail related) traffic on my server

I'm noticing strange traffic on my webserver which is around 50kbps constantly. Doing a (few seconds' worth of) tcpdump on the specific IP address, I get this (pardon the huge list): 09:33:02.385238 IP 40.101.8.117.25113 > my.server.com.pop3s: P…
Zippy1970

tcpdump: TCP flag not changing from Flags [S] to other flag values

I need support understanding these lines. When I tried to connect to the server on a particular port, it shows "connecting" and gives me a timeout error. But in the tcpdump output the packet flag is not changing from [S] to other flags. Review the below log…
VinothRaja

TCPDump, can't understand these parts

I need help to understand the bold part of this line: 01:04:28.539138 IP 90.2.255.58.37727 > 71.197.145.153.46872: . 9801:11201(1400) ack 0 win 2003 9801:11201(1400) 9801 seems to be the data sequence number, am I right? But what is 11201 and…
yeedooz

Why does tcpdump have 262144 as the default capture size?

I was wondering about the reason why tcpdump has the magic number 262144 as the default snapshot length? --snapshot-length=snaplen Snarf snaplen bytes of data from each packet rather than the default of 262144 bytes. Packets truncated because of a…
Talha Junaid

Understanding failed connection reason

Edit: The issue came about because our machines did not have an external IP address, and so outgoing traffic was going through Cloud NAT, which was misconfigured (min connections per VM). I am having issues with a GCP machine being able to connect to an…
James

Many requests over port 445 on Ubuntu VPS, what could it mean?

I own a small VPS hosted by Hetzner on which I run a small Minecraft game server. The VPS is running Ubuntu, and the only software I installed is the Java JRE and the software required to run a Minecraft game server (+ additional plugins). I ran a…

Connections show up in tcpdump but not in auditd or ss

I ran tcpdump on a node on which I can see many outbound TCP connections to a specific host (inside my network) on a specific port (8086). I'd like to know which process is making those connections. I used: while true; do ss -ntap '{ dport :8086 }';…
kjq07bd

host mirroring on multiple VM (unique VNETid/uuid)

We want to mirror all traffic going in/out of port vnet0, and we want to send it to bridge port vnet2 (where we have a traffic monitoring application) and make sure traffic from vnet2 is excluded in the tcpdump running on vnet2. I am using bond0 mirroring…

tcpdump filter by/print last hop

If I have a network that looks like this: 56.56.56.56 192.168.0.1/24 ___________ ---| Modem 1 |----- | ___________ | ___________ 11.22.33.44 ---| |--------|…

What does "AF" mean in tcpdump?

This seems to show up only with -e and for me only on my VPN interface, e.g.: > sudo tcpdump -enn -i utun1 ... 11:35:22.440690 AF IPv4 (2), length 32: 1.2.3.4.1234 > 1.2.3.5.1234: [|domain] Edit: Testing with Wireshark, it seems that VPN interfaces…
jtpereyda

Can a TCP packet fail to reach the 7th OSI layer?

I'm facing a situation where a client establishes a TCP connection via telnet (or netcat) in order to connect to a Linux server. The server must then send back a banner containing some text info... On each host, I launched tcpdump to capture…
Dimareal

Weird traffic on all interfaces simultaneously (Linux)

Every now and then, I check my munin graphs on my production server to see if there's anything out of the ordinary going on. Today I noticed a strange thing: identical traffic spikes on all (8) interfaces/IP addresses simultaneously. Click to see…
Zippy1970

redirect tcpdump generated pcap file to another server while packets are being captured

I was looking for some command like this; it achieves: redirect the tcpdump-generated pcap file to another server during the process of 1., using a Python script or some tool to analyze each packet. So from the point of view of the system user, when…
Tiina