Highest Voted 'tcpdump' Questions - Server Fault Stack Exchange

0

votes

1 answer

Analyze Packet Loss Bursts

I need to analyze packet loss bursts in TCP streams. Given a number X a packet lost burst is when more then X consecutive packets got lost. So I have a pcap file and need to count how many bursts there were and what was the duration of each. Tried…

tcp tcpdump packetloss

asked Sep 13 '18 at 06:33

nmnir

101

0

votes

1 answer

How to check for firewall drops in WireShark

We have an application setup across two servers. The application is failing because a firewall is blocking communication between the two servers. I need a way to figure out every single port that is being blocked so that I can request for those…

wireshark tcpdump

asked Aug 22 '18 at 22:51

souser

197
2
3
10

0

votes

0 answers

Why is tcpdump not capturing TLS packets on port 443?

I am using the following command: sudo tcpdump -vvv -A -XX -i any -w dump.pcap I can see several TCP packets coming or and going to the expected IP addresses on port 443. Nevertheless, I am not able to see the TLS packets sent during the SSL…

ssl openssl tcpdump

asked Aug 06 '18 at 14:10

rreyes1979

101
1
1

0

votes

1 answer

tcpdump: Traffic between localhost:[src-port:dst-port]

I'd like to get http traffic between localhost:8081 and localhost:8080. I need http headers and body. I've tried some commands but everything is complicated and I don't quite figure out what I'm doing exactly. Any ideas?

tcpdump

asked Jul 23 '18 at 07:37

Jordi

261
1
7
15

0

votes

1 answer

tcpdump get requesting IP

We are tracking http usage(mainly for our intranet) and I've been able to track it using the the following on our OPENWRT router: tcpdump -i wlan1 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' | grep 'GET\|Host' >> /mnt/jlt/wlan1 This…

tcpdump openwrt

asked Jun 25 '18 at 17:17

Jeff

685
7
17

0

votes

1 answer

Linux: get all connect calls for a local port

I have a ssh tunnel through which a client is connecting to a server. Using, wireshark, I could see a periodic connection of SSH besides the keepalive, but I am unable to obtain the process (pid) that's causing this traffic. I used ss -ntap -o state…

networking ssh wireshark tcpdump

asked Apr 18 '18 at 19:47

iamauser

349
2
3
12

0

votes

1 answer

How do I filter tcpdump results based on a missing header?

My HAProxy adds 'X-Proto: SSL' as a header to requests that are over HTTPS. I'd like to use tcpdump to see the 'Host:' header of all requests that do not have that 'X-Proto: SSL' header. Here's what a sample request looks like with it (captured with…

networking tcpdump headers

asked Apr 10 '18 at 20:31

nowthatsamatt

921
1
8
11

0

votes

1 answer

How to collect HTTP data in Wireshark from a remote Linux host?

I am trying to collect HTTP requests and responses from a remote host using Wireshark using SSH tunnel. So I have Windows host with Wireshark on it, and Linux host with tcpdump on it and a web server listening on port 5000. I execute tcpdump on the…

linux http wireshark tcpdump

asked Jan 07 '18 at 20:28

Mohammed Noureldin

541
1
11
25

0

votes

1 answer

tcpdump host unreachables for specific host

I'm trying to rule out some issues and needing to capture all ICMP messages except echo/echo reply. However the issue I'm struggling to find a way around is I only want these involving a particular host. The filter I've been trying is tcpdump icmp…

tcpdump icmp

asked Dec 19 '17 at 05:55

Cameron Moody

3
3

0

votes

1 answer

Why does TCP request packet contain ACK flag?

I am very new at low level of TCP and I am tryingtcpdump with simple socket server and client program. The server and client follow the two steps. Server and client make a connection. Client sends a string message. The below is the output of…

tcpip tcpdump

asked Dec 18 '17 at 11:55

asleea

159
1
1
9

0

votes

1 answer

What data is not available for tcpdump unlike interface statistics tools?

I'm analizing the logs on specific interface and wondering why this command during small load-test: tcpdump -i enp21s0f0 -s0 -w /tmp/dump2.cap` catched only 75 MB, when ethtool -S enp21s0f0 / ifconfig enp21s0f0 showed about 80 MB of data(I…

linux networking tcpdump ethtool statistics

asked Oct 30 '17 at 18:32

John

31
3

0

votes

1 answer

tcpdump not intercepting DHCP ACK

I have a router running lede with tcpdump installed tcpdump --version # tcpdump version 4.9.0 # libpcap version 1.8.1 When I run it like so: tcpdump -vnes0 -i eth0 port 67 or port 68 I can see 00:00:24.122791 00:00:00:00:69:6f >…

tcpdump openwrt

asked Oct 17 '17 at 21:04

Nicu Tofan

101
4

0

votes

0 answers

Webserver cannot ping external

I want our webserver to be accessible from the outside world. We have a static IP - 176.35.XXX.XXX which is accessible when on the same network as the webserver, however times out externally. When accessing this IP address externally I can see that…

firewall gateway tcpdump

asked Oct 06 '17 at 06:24

Lee

101
1

0

votes

1 answer

Accessing webserver remotely (contains tcpdump)

Total noob here so apologies in advance for missing out any key details. We have a web server which is accessible locally on 192.168.2.1. It is also accessible locally on 176.XXX.XXX.XXX which is obviously an external IP. When accessing the external…

iptables firewall port-forwarding tcpdump

asked Oct 05 '17 at 14:49

user438473

1

0

votes

0 answers

endless SYN_RECV coming in on ipv4 interface w/ tcp6 protocol... syn flood attempt?

I've moved the sites I host to a new machine, and am waiting for all traffic to go away on the old one before I shut it off. The host is fedora 24 running on linode. So I notice, there is only one IP number now hitting the machine, continuously,…

ipv6 tcpdump

asked Sep 22 '17 at 18:12

zzzeek

101
3

Questions tagged [tcpdump]