tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.
Questions tagged [tcpdump]
466 questions
0
votes
0 answers
Sometimes unable to tune Linux TCP stack for improved high-latency performance
I have been unsuccessfully trying to apply the TCP Tuning techniques discussed at http://fasterdata.es.net/host-tuning/
As you'll see when you read through the entire question, sometimes the es.net tuning guidelines are effective for me, other times…

Bryan Pendleton
- 101
- 4
0
votes
0 answers
OOM Killer when tcpdump is run in system with low memory
I am working on an embedded system with limited memory. Here is the dump from my vmstat:
procs -----------memory---------- ---swap-- -----io---- -system-- ------cpu-----
r b swpd free buff cache si so bi bo in cs us sy id wa…

nrcrast
- 1
0
votes
0 answers
Capture all mysql requests/responses and calculate the response time using tcpdump
I need to capture all mysql requests/responses using tcpdump and after that need to find out which response is related to which request in order to calculate the response time of each request.
I used the following tcpdump code:
tcpdump -ixenbr0 -s 400…

Michel Gokan Khan
- 183
- 2
- 14
0
votes
0 answers
tcpdump returns no multicast traffic when a DNS entry is being used in resolv.conf
I have noticed on a 6.5 CentOS host that when I am using tcpdump to determine if a multicast source is being received/sent that it does appear to get any results when I have a DNS registered in the /etc/resolv.conf if I comment the DNS entry it…

adamjth
- 11
- 1
- 3
0
votes
1 answer
tcpdump capture destined to other server
I'd like to ask for help in understanding this tcpdump capture.
Tcpdump is running on server 10.13.255.27 and received the packet:
root@server27 ~]# tcpdump -i eth0 dst host 10.13.255.26 and not src net 10.13.255.0/24 -nn -vv
tcpdump: listening on…

Brn
- 3
- 2
0
votes
1 answer
how to determine client side or server side retransmission from a pcap
I am trying to get some clarification on something I read here:
how to calculate packet loss from a binary TCPDUMP file
The first answer says that the sequence number will be the same from client to server and from server to client the ack would be…

user53029
- 629
- 3
- 14
- 36
0
votes
3 answers
How to use tcpdump to log only certain data in real time
I'd like to monitor network interfaces, but only log things like errors, collisions and dropped packets and send that to stdout. Can tcpdump be configured to do this?

user53029
- 629
- 3
- 14
- 36
0
votes
0 answers
What conditions can account for incorrect inbound TCP checksums?
According to The Wireshark FAQ TCP checksum offloading causes checksums for outbound traffic to be calculated incorrectly. On some Linux hosts I see some inbound TCP traffic that is flagged with incorrect checksums:
$ sudo tcpdump -n -vvv dst…

eradman
- 150
- 4
0
votes
1 answer
How to trace TIME_WAIT sessions using tcpdump (or similar tool)
I have a server with large number of TIME_WAIT sessions.
These are sessions that the server closed, but the client didn't close.
I want to analyze a sample session, to understand what happens there.
Simple "brute force" analysis of tcpdump output…

Ophir Yoktan
- 175
- 2
- 8
0
votes
3 answers
user agent in http or https request
Is there any way that I can differentiate
whether the HTTP or HTTPS packets are coming from a browser or not?
Especially for HTTPS requests. There is a User-Agent field in the packet in HTTP, but I could not find anything in HTTPS.

user95711
- 211
- 3
- 4
- 11
0
votes
1 answer
Tcpdump advanced filters
I want to ask for a command that can get only the IPs that have more than 1 connection with different source ports
xxx.xxx.xxx.xxx:X | xxx.xxx.xxx.xxx:Y (example)
if IP1 has connection to server with Src Port X and IP1 has another Connection with SourcePort…

extrem
- 1
0
votes
1 answer
What can possibly prevent tcpdump from showing request packets?
I am trying to debug a little SOAP issue. I am using a Java web app to consume an API over a VPN. ping and telnet on the webservice server are fine. The environment is AWS EC2 for my app. I have no clue of the system used on the other side
the command…

black sensei
- 609
- 3
- 10
- 25
0
votes
0 answers
amazon ec2 ftp RETR hangs
The problem is with an Amazon ec2 instance "Red Hat Enterprise Linux Server 7.0 (Maipo)" (kernel 3.10.0-123.6.3.el7.x86_64)
When attempting to RETR a remote file the FTP client hangs indefinitely. I have no control of the remote server.
All…

user2914191
- 101
- 2
0
votes
0 answers
tcpdump on any interface does not support VLAN
I have tried the following command: tcpdump -i any vlan , on both Ubuntu 10.04 (kernel 2.6.32-36) and Ubuntu 12.04 (kernel 3.8.0-39) and got the following output: tcpdump: no VLAN support for data link type 113 . tcpdump/libpcap versions are…

Stathis
- 11
- 3
0
votes
1 answer
Need help examining tcpdump file to block attack
I need some help, my game server has been under fire with DoS attacks for 2 days now. Bandwidth attacks are no problem since I host with OVH and they are filtered out but my game server ports are being attacked which times out the servers and…

Martijn Kools
- 9
- 3