Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
7 votes, 3 answers

tcpdump - how to check rate of packets?

I'm using this script that actually checks for the rate of incoming packets and it gets triggered if the rate hits 5mbps or more. The packets are then logged to a tcpdump file. interface=eth0 dumpdir=/tmp/ while /bin/true; do pkt_old=`grep…
Asad Moeen
7 votes, 1 answer

tcpdump capturing tcp resets by host

I am trying to figure out where my tcp resets on my webserver happen. I have the following capture: tcpdump -fnni bond0:-nnvvS -w dump.pcap 'tcp[tcpflags] & (tcp-rst) !=0' When I look at the pcap in Wireshark, it shows me resets: Flags: 0x004…
rahrahruby
7 votes, 1 answer

tcpdump shows traffic until I use a filter

I have a server that is receiving traffic from a mirror port on a switch. The interface that is connected to this mirror port is in promisc mode. When I use just a plain catch all tcpdump on the interface, like tcpdump -nn -i eth1 I see a ton of…
MichaelB
7 votes, 2 answers

How to filter only keep-alive packets with tcpdump

I need to analyze a traffic dump on my network to check if all the PCs have the TCP keep-alive feature enabled. I'm using tcpdump for that purpose. What I need to know is if there is a possibility to filter for only the keep-alive packets. On Windows I…
enzo1959
7 votes, 2 answers

tcpdump: snaplen set to 0 but still get "Packet size limited during capture"?

Due to this problem, I'm going to sniff some packets on the MySQL server backend to see what happens: # tcpdump -vv -s0 -c 100 -i bond0 tcp port 3306 and host 192.168.3.87 -w /home/quanta/3.87_aborted.pcap As you can see, I set snaplen to 0, but…
quanta
7 votes, 2 answers

Clarification about Linux TCP window size and delays

I have delays when sending data through a TCP channel that I am not able to understand. The link is a 1Gb link with an end-to-end latency of roughly 40ms. In my current setup, latency (the time for one message to go from the sender user space to the…
jlafaye
7 votes, 3 answers

How to reproduce http traffic of a real site in another environment (e.g. VM)

There is a bug in my web application which I cannot reproduce. All the logs look ok or at least I cannot see anything unusual. But it happens. So I thought I could record all the traffic to/from my web site waiting for the bug to happen and having…
tomazy
7 votes, 2 answers

tcpdump - just output the packet contents line by line

I'm trying to use tcpdump on the DEFCON packets. Here's the command I'm using: tcpdump -qns 0 -X -r ulogd.eth0.pcap And here's the output I'm getting: 10:39:12.356410 IP 192.168.103.2.3101 > 192.168.102.2.80: tcp 0 0x0000: 4500 0028 0557 4000…
Eamorr
7 votes, 1 answer

tcpdump filter for tcp zero window messages

Is there a pcap filter for TCPDump that will allow me to filter zero window messages? I know how to filter these in a Wireshark display filter (tcp.analysis.zero_window) but the amount of data I need to work with easily crashes Wireshark (at least…
Kyle Brandt
7 votes, 5 answers

How to Break Up Large tcpdump Files

Is there something that can break up a tcpdump file after the capture and make sure the breaks are on the border of packet data? Like -C, but after the fact.
Kyle Brandt
6 votes, 2 answers

Linux: tracking the source of netstat -s "failed connection attempts"

I have several servers, where the failed connection attempts metric returned by netstat -s (from /proc/net/snmp) grows by roughly one per second, and I'd like to diagnose the source of these. By using this ipTables rule (on a different server): …
Graham Nicholls
6 votes, 3 answers

What would a PCAP filter look like to capture all DHCP-related traffic?

As I understand it, for IPv4 I would need to capture UDP port 67 and 68, ARP, ICMP echo request and reply, and for IPv6 I would need UDP port 546 and 547, all DHCP-related multicast addresses, ICMPv6 neighbor discovery. I want to capture DHCP…
Mathias Weidner
6 votes, 2 answers

TCP Dump, cannot understand these 4 lines?

I need support understanding these 4 lines. It looks like tcpdump, but I'm actually not understanding what exactly is happening here. 13:13:22.407445 IP 192.168.246.128.54955 > 192.168.246.13.80: S 2910497703:2910497703(0) win 5840
Kell90
6 votes, 4 answers

One second delay before tcpdump returns packets

Using Ubuntu, I'm trying to sync tcpdump sniffing with self-identifying "pings" from a client device. The problem is that getting precise starts and stops is made difficult by what looks like a built-in delay in tcpdump. Here's the key line from my…
dlanced
6 votes, 3 answers

identifying vlan packets using tcpdump

I'm trying to figure out the VLAN-tagged packets that my host receives from or sends to other hosts. I tried tcpdump -i eth1 vlan 0x0070 But it didn't work. Has anyone tried to view the VLAN packets through tcpdump before? Couldn't find much help…
madCode