tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.
Questions tagged [tcpdump]
466 questions
6
votes
1 answer
How can I filter MongoDB Replica Set Heartbeats with tcpdump?
Occasionally, when troubleshooting the health of a replica set, I'd like to filter out the heartbeat packets specifically, track them going out, and the subsequent reply (or lack thereof) without all the noise of the other data that is flowing…

Adam C
6
votes
2 answers
Packets only get forwarded when tcpdump running on bridge
I ran into the oddest thing when trying to debug a networking issue with OpenStack. I was doing a ping test between virtual machines. The ICMP request packets only made it to the destination host if I did a "tcpdump" on the bridge interface on the…

Lorin Hochstein
6
votes
2 answers
Capture network traffic simultaneously on three interfaces
I need to capture traffic on a CentOS 5 server which acts as a web proxy with 2 wan interfaces and 1 LAN. In order to troubleshoot a weird proxy problem, I would like to have a capture of a full conversation. Since external connections are balanced…

drcelus
6
votes
2 answers
How can I make tcpdump stop the capture after a certain number of packets captured?
I am debugging a problem where two servers get stuck in a loop when communicating with each other. After a server restart the problem will start at some point; it can be in an hour or in a day. I want to tcpdump the traffic when the problem starts so…

ygram
6
votes
2 answers
Cheap way to detect client round trip times for http
I am trying to figure out a way to detect round trip times for each IP that connects to port 80 on my server. What is a good way to do this?
There are far too many connections, and pinging each IP is not practical. I was thinking, somehow measuring…

sajal
6
votes
1 answer
iptables drop packet by hex string match
I got this packet captured with tcpdump but I'm not sure how to use the --hex-string param to match the packet. Can someone show me how to do it?
11:18:26.614537 IP (tos 0x0, ttl 17, id 19245, offset 0, flags [DF], proto UDP (17), length 37)
…

Flint
6
votes
4 answers
Log network traffic with process ID on Mac OS X?
I want to log all network traffic on a Mac OS X server (like tcpdump does), but including the ID of the process that is responsible. Using lsof only gives me the current connections, not the past ones.
Is there a way to do this?
Regards,
Jochen

Jochen
6
votes
3 answers
What do "Unknown SSAP" and "Unknown DSAP" mean in tcpdump?
While trying to fix a problem with intermittently losing internet connection on a machine with a wireless connection to a router, I ran tcpdump and noticed packets with "Unknown SSAP" and "Unknown DSAP" errors coming at a rate of a few per…

lacker
5
votes
4 answers
How can I see packets while capturing with tcpdump
How can I see traffic while I am capturing it with tcpdump?
When I use -w, it doesn't show the packets during the capture.
sudo tcpdump -i enp2s0 -w test.pcap
tcpdump: listening on enp2s0, link-type EN10MB (Ethernet), capture size 262144 bytes
^C6…

Olivier Lasne
5
votes
2 answers
TCP Messages Merged?
I have an application that sends 100 of 186-byte (excluding headers) TCP messages back to back without gap from host A to host B.
I ran tcpdump to capture the packets on host A (where the sender is), and I noticed that after a few messages (like 9),…

Hei
5
votes
1 answer
Nginx TCP Fast Open Issue
I have configured Nginx and Apache on one of my servers. The nginx server listens on port 80 and Apache on port 81. Nginx works as a reverse proxy. In nginx I configured TCP Fast Open:
server {
listen 107.6.155.74 fastopen=50;
server_name…

Daniel Kanchev
5
votes
2 answers
Tcpdump maximum split file size
I refer to this thread: how to split a pcap file into a set of smaller ones
I have tried to use the command tcpdump -r old_file -w new_files -C 4096 and tcpdump returns tcpdump: invalid file size 4096
So far I have tested until 2048 (x1,000,000…

CheeHow
5
votes
3 answers
Tcpdump on ec2 not seeing all packets
I'm running tcpdump on an Amazon EC2 instance to monitor HTTP traffic going to Nginx (this is just a test box, the only resource is the example test page).
Running tcpdump with the command
# tcpdump -vn -i any port 80
shows the packets from a…

Jordan
5
votes
3 answers
tcpdump Server Hello Certificate Filter
On a device located between my local network and a router (all the traffic passes through), I need to read the common name from the Hello Server Certificate packet.
So I'm trying to figure out how to get the proper filter with tcpdump.
I found help from…

Kuruwan
5
votes
2 answers
Ubuntu 12 crashed and took down network
We recently set up a new Ubuntu 12.04LTS server on our network. It's not fully configured so it's not doing much beyond sshd and a default apache2 install. But this evening it appears to have crashed. It wasn't responding to the network or the…

Leopd