Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
0 votes • 1 answer

Mirror traffic to tcpdump server and automatically save pcaps

Looking to port mirror a network firewall interface, connect that interface to a Linux server, and have that Linux server constantly run a tcpdump and store the output in files. Specifically, my requirement is to have pcap files saved over and…

lobi • 1,083 • 2 • 15 • 30
0 votes • 1 answer

How to figure out why my NAT-box sends TCP RST packets?

TL;DR: I see that an Ubuntu host (which I have absolute control of) sends a packet under certain circumstances. How do I find the application/kernel module responsible for that packet? I am developing a homegrown NAT-box, and I arrived at this…

Necto • 163 • 7
0 votes • 1 answer

"No route to host" when I do a telnet in Azure

I have two VMs in Azure with different public IPs and whose private IPs are: 10.10.1.9 and 10.10.1.6. When I do a telnet with the following command from the server 10.10.1.6, I get an error: telnet 10.10.1.9 2181 Trying 10.10.1.9... telnet: connect…

Nilotpal • 101 • 1 • 3
0 votes • 2 answers

Wireshark Packet Capture Data Data ACK Confusion

I understand how ACKs and windowing work. What I am not getting is why I am seeing the following behavior in packet captures: Client Server data1-----> data2-----> <--------ack When the server ACKs data2, how does the client…

Le Ray • 113 • 1 • 1 • 3
0 votes • 1 answer

Linux server failing to send SYN/ACK after receiving SYN remotely, works locally

Problem: A server process can be accessed by a device on the LAN or by the server itself, but it cannot be accessed outside the LAN (port forwarding is configured correctly as the server does receive packets). Packet tracing reveals that SYN is…

Lynxy • 21 • 1 • 5
0 votes • 2 answers

Count number of incoming connections on a port - Linux

We have a server which listens on port X. The server has a large number of clients; from time to time the process gets hung, and I am seeing SYN flooding messages in the log. I have been trying to tune the relevant TCP configuration params. I would like a…
0 votes • 1 answer

Is it possible to tell tcpdump that I want it to interpret a packet differently before printing it to STDOUT?

I am using iperf to pinpoint a packet reordering issue. Unfortunately, tcpdump does not know how to parse iperf's UDP payload, which I could use to pinpoint the issue. I know that iperf stores the packet sequence ID in the first 32 bits of the UDP…

john1234 • 113 • 2
0 votes • 1 answer

Why are ICMP packets not captured on the target interface?

I have a network setup as in the picture: The central box is a gateway (Ubuntu 15.10) which relays the packets between the various networks (only one is shown in the picture - lan0) and the Internet. gateway: I can ping all interfaces and hosts on…

WoJ • 3,607 • 9 • 49 • 79
0 votes • 1 answer

PCAP filter for first few packets, and packets related to disconnection, TCP-only

I'd like to use tcpdump with a filter for some long-running debugging. Specifically, I only want to capture packets with the following conditions: the first 10 packets or so of a new TCP connection (including handshake); anything odd (retransmissions,…

Brad • 1,419 • 22 • 43
0 votes • 0 answers

tcpdump - filter applies after some time?

I have a strange problem with tcpdump - it's like the filter I want applied to captured packets doesn't work instantly. Maybe it's perfectly normal, but to be honest I've never seen this before. Here's an example: tcpdump -i ife0 -n not…

aqz • 53 • 1 • 4
0 votes • 2 answers

Ubuntu server - packets from different networks not coming through (flushed iptables)

I have set up a brand new Ubuntu server, and I'm encountering a very strange network related issue - the processes running on the server cannot 'see' packets originating from external networks, but they do show up when I run a tcpdump on the…

kralewitz • 51 • 1 • 6
0 votes • 0 answers

Server sends TCP ACK with wrong number after receiving SYN

I have a client that establishes a new TCP connection and then sends a request to a server every second. Both client and server are on the same Linux box (via the loopback interface). The client periodically reports a socket error. After digging into the network packets, the…

petertc • 2,500 • 1 • 15 • 10
0 votes • 2 answers

Monitor networking between two interfaces

I need to monitor TCP networking between two hosts which do not have tcpdump installed, and I cannot install it on them. Is it possible to do so with tcpdump using some known rule?

xyx • 111 • 2
0 votes • 0 answers

Monitor outgoing web traffic sources on CentOS

I received a report today that a server I manage (CentOS + Apache) is launching a bruteforce attack against WordPress websites: hacked-joomla/brobot The requests sent look like this: x.x.x.x - - [15/Nov/2015:19:37:14 +0100] "POST wp-login.php…
0 votes • 0 answers

"Filtered" port when accessing server

I'm having periodic trouble accessing one of my DigitalOcean servers from Azure machines. I have isolated a test that - I believe - demonstrates the issue and captured a tcpdump from the server for both the working example and the not working…