Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
0 votes, 0 answers

Traffic capture at boot

I'm trying to figure out what packets a Linux host sends at boot in order to debug it. Is there a way to start packet capture during boot time to not miss any packets? What is your way of going about it? I have found a Red Hat guide but it's behind…
lolz
  • 11
  • 1
0 votes, 1 answer

Dump client ssh key from server side

To investigate some issue, I need to dump the full ssh key offered by the ssh client to the ssh server. Up to this point, I tried to put the parent of all sshd servers (belongs to root) LogLevel to DEBUG, strace -f (to follow child processes) the…
kalou.net
  • 103
  • 2
0 votes, 1 answer

tcpdump and length with VLAN

I run ping: ping -c 15 -s 120 -D 192.5.15.22 At the same time I watch tcpdump: tcpdump -n -e -vv -ttt -i iavf0 vlan tcpdump: listening on iavf0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:00:00.000000 52:54:00:d6:e6:62 >…
sqr
  • 15
  • 3
0 votes, 1 answer

Linux: bridge vs. vlan vs. tcpdump

I have a Proxmox host with kernel 5.15.19-2-pve. It has a bond0 interface made from eth2 and eth3, which receives vlan tagged traffic. I created a vmbr666 bridge that looks like this: # /etc/network/interfaces: auto vmbr666 iface vmbr666 inet…
András Korn
  • 651
  • 5
  • 15
0 votes, 1 answer

docker container promiscuous mode partially working

I have a strange virtual (docker bridges) networking condition. I have two dockers connected to the same bridge via docker-compose. One docker is "probe" and one is "injector". Injector uses tcpreplay to replay capture and "probe" should receive it via…
Boris
  • 173
  • 1
  • 10
0 votes, 0 answers

dnsmasq DHCP not working, not replying to DHCP requests

I have set up dnsmasq as a DHCP server on a CentOS VM, however it is not replying to DHCP requests. What could be the issue? Following is the configuration and tcpdump…
asm_nerd1
  • 101
  • 1
0 votes, 2 answers

TCPDump Missing packets

We use TCPDump on an RPI to capture WiFi signals from nearby devices as a means to get an estimate of the number of people. We have noticed that on "normal" days the numbers are reasonably accurate but for a couple of times where we had much larger…
0 votes, 1 answer

daemonized alternative to tcpdump to save mirrored traffic

I need to save mirrored traffic for audit purposes. Traffic for the audited server is sent to another server. I need to capture that traffic on a dedicated interface, save it to pcap files of reasonable scope (rotation by date/size), and (maybe) upload and…
George Shuklin
  • 296
  • 2
  • 11
0 votes, 1 answer

QEMU VM with tap interface sees all packets coming from hypervisor instead of real source IP

I have set up a very simple hypervisor using Alpine Linux and my VM sees all traffic coming from the IP of the hypervisor, which also means that if fail2ban tries to block attacks, it always blocks the hypervisor's IP. How can I have the VM see the real IP…
Christian
  • 333
  • 7
  • 18
0 votes, 1 answer

Is there a way to disable TCP segmentation offloading to prevent packets greater than the MTU from being captured from the loopback interface?

I'm trying to create some captures on my Linux box. The problem I have is that any captures I take from the loopback interface will contain massive packets that are much larger than the MTU. This appears to be because of TCP segmentation offloading. I…
0 votes, 1 answer

Can (and do) I use iptables to expose a host directly online (not using NAT)?

I'm using a DSL-5300 VDSL modem/router which is set up with NAT for my house, and works great. Its web interface hasn't been written to support a mix of NAT and no-NAT traffic. I've been assigned 8 public IP addresses. I've set up a linux box on…
cnd
  • 169
  • 4
0 votes, 0 answers

Need help to understand tcpdump

Background: I have a web server hosted on 10.20.30.177:7000 and it should be accessible from 10.20.30.1 (m1) and 172.17.2.88 (m2). I am able to access it from m1 and not from m2. I understand there can be 100s of reasons for this behavior and I am…
PKV
  • 101
0 votes, 1 answer

Two clients can connect to OpenVPN server but another cannot

I have an external OpenVPN server running Ubuntu 20.04 and 3 clients: Client1 (Android 11), Client2 (Windows 10 and Virtualbox host), Client3 (Ubuntu 20.04 Virtualbox guest). All 3 clients are able to SSH connect to the server but only client 1 and 2…
0 votes, 1 answer

openvpn server not showing traffic using tcpdump

I have an OpenVPN server and two clients. I can ping the clients from each other, but when I do so, I don't see any packets on the server using tcpdump. The server is running on 192.168.0.1 and I try to capture traffic using tcpdump -i tun0 icmp…
emte
  • 103
  • 3
0 votes, 1 answer

Capturing IEEE802.11.x auth and capabilities data with tcpdump?

I'm troubleshooting some issues with my wireless network (OpenWrt 19.x and mobile device) and I came across this: https://dot11.exposed/2017/09/20/violation-of-802-11-standard-intel-wireless-cards-send-40mhz-intolerant-bit-in-5ghz/ Most notably,…
KreonZZ
  • 13
  • 3