Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
0 votes, 1 answer

Analyze Packet Loss Bursts

I need to analyze packet loss bursts in TCP streams. Given a number X, a packet loss burst is when more than X consecutive packets got lost. So I have a pcap file and need to count how many bursts there were and what was the duration of each. Tried…
nmnir (101)
0 votes, 1 answer

How to check for firewall drops in WireShark

We have an application setup across two servers. The application is failing because a firewall is blocking communication between the two servers. I need a way to figure out every single port that is being blocked so that I can request for those…
souser (197)
0 votes, 0 answers

Why is tcpdump not capturing TLS packets on port 443?

I am using the following command: sudo tcpdump -vvv -A -XX -i any -w dump.pcap I can see several TCP packets coming from and going to the expected IP addresses on port 443. Nevertheless, I am not able to see the TLS packets sent during the SSL…
rreyes1979 (101)
0 votes, 1 answer

tcpdump: Traffic between localhost:[src-port:dst-port]

I'd like to get http traffic between localhost:8081 and localhost:8080. I need http headers and body. I've tried some commands but everything is complicated and I don't quite figure out what I'm doing exactly. Any ideas?
Jordi (261)
0 votes, 1 answer

tcpdump get requesting IP

We are tracking http usage (mainly for our intranet) and I've been able to track it using the following on our OPENWRT router: tcpdump -i wlan1 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' | grep 'GET\|Host' >> /mnt/jlt/wlan1 This…
Jeff (685)
0 votes, 1 answer

Linux: get all connect calls for a local port

I have an ssh tunnel through which a client is connecting to a server. Using Wireshark, I could see a periodic connection of SSH besides the keepalive, but I am unable to obtain the process (pid) that's causing this traffic. I used ss -ntap -o state…
iamauser (349)
0 votes, 1 answer

How do I filter tcpdump results based on a missing header?

My HAProxy adds 'X-Proto: SSL' as a header to requests that are over HTTPS. I'd like to use tcpdump to see the 'Host:' header of all requests that do not have that 'X-Proto: SSL' header. Here's what a sample request looks like with it (captured with…
nowthatsamatt (921)
0 votes, 1 answer

How to collect HTTP data in Wireshark from a remote Linux host?

I am trying to collect HTTP requests and responses from a remote host using Wireshark over an SSH tunnel. So I have a Windows host with Wireshark on it, and a Linux host with tcpdump on it and a web server listening on port 5000. I execute tcpdump on the…
Mohammed Noureldin (541)
0 votes, 1 answer

tcpdump host unreachables for specific host

I'm trying to rule out some issues and needing to capture all ICMP messages except echo/echo reply. However the issue I'm struggling to find a way around is I only want these involving a particular host. The filter I've been trying is tcpdump icmp…
0 votes, 1 answer

Why does TCP request packet contain ACK flag?

I am very new at the low level of TCP and I am trying tcpdump with a simple socket server and client program. The server and client follow two steps. Server and client make a connection. Client sends a string message. Below is the output of…
asleea (159)
0 votes, 1 answer

What data is not available for tcpdump unlike interface statistics tools?

I'm analyzing the logs on a specific interface and wondering why this command during a small load-test: tcpdump -i enp21s0f0 -s0 -w /tmp/dump2.cap caught only 75 MB, when ethtool -S enp21s0f0 / ifconfig enp21s0f0 showed about 80 MB of data (I…
John (31)
0 votes, 1 answer

tcpdump not intercepting DHCP ACK

I have a router running LEDE with tcpdump installed tcpdump --version # tcpdump version 4.9.0 # libpcap version 1.8.1 When I run it like so: tcpdump -vnes0 -i eth0 port 67 or port 68 I can see 00:00:24.122791 00:00:00:00:69:6f >…
Nicu Tofan (101)
0 votes, 0 answers

Webserver cannot ping external

I want our webserver to be accessible from the outside world. We have a static IP - 176.35.XXX.XXX which is accessible when on the same network as the webserver, however times out externally. When accessing this IP address externally I can see that…
Lee (101)
0 votes, 1 answer

Accessing webserver remotely (contains tcpdump)

Total noob here so apologies in advance for missing out any key details. We have a web server which is accessible locally on 192.168.2.1. It is also accessible locally on 176.XXX.XXX.XXX which is obviously an external IP. When accessing the external…
0 votes, 0 answers

endless SYN_RECV coming in on ipv4 interface w/ tcp6 protocol... syn flood attempt?

I've moved the sites I host to a new machine, and am waiting for all traffic to go away on the old one before I shut it off. The host is Fedora 24 running on Linode. So I notice there is only one IP number now hitting the machine, continuously,…
zzzeek (101)