Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
5 votes, 6 answers

Log tcpdump Output

What I basically want is to write all tcpdump captured packets to a file every 3 days. So basically tcpdump should run for 24 hours on day 1 and write the output to Day1.log and similar for Day2 and Day3. On the 4th day it should repeat and write…
Asad Moeen
5 votes, 2 answers

Pings from VPN network to VPN client work; pings from VPN client to VPN network fail - why?

We are in the process of setting up an OpenVPN server for some servers running in a cloud. We are stumped with a connectivity problem whereby the hosts on the VPN server's LAN can ping the VPN client, but the reverse is not true. The VPN client can…
jonseymour
5 votes, 3 answers

Extracting SSL certificates from the network or pcap files

I would appreciate it if someone can point me to a tool or approach to extract SSL/TLS certificates from live HTTPS connections (directly from the network) or from a network trace file (pcap file). I tried using ssldump but I was not able to extract the…
Apakoh
5 votes, 3 answers

How can I sniff/dump HTTP protocol as ASCII for a port with tcpdump or an alternative?

I need to view how an application is sending and receiving traffic through an HTTP protocol that it communicates on localhost (it has an embedded port coded with .gz). I'm sure it's some XML that it sends and receives, but I want to sniff it, and…
PartySoft
5 votes, 1 answer

How to specify both IP address and port in tcpdump?

I want to specify a source IP address, destination IP address and source port in my tcpdump filter. However, I keep getting syntax errors. How do I do that?
user3207874
5 votes, 2 answers

How can I capture IPSEC packets on my VPN server?

I am running a strongSwan (U5.3.5/K4.4.0-62-generic) VPN server on Ubuntu 16.04. Usually, when I want to examine traffic on a server, I simply run something like the following: tcpdump -ni eth0 "tcp port 80" -w log.pcap On the VPN server it…
Oleg
4 votes, 1 answer

Random timestamp on first syn-ack on loopback

Preface: We are testing some host-based IPS. In this test case, our application is listening on the loopback and the application is receiving traffic in clear text. We are using either nginx or haproxy to terminate TLS on the public interface. …
Aaron
4 votes, 1 answer

Does tcpdump Ethernet packet length include IP packet and data length?

Does the Ethernet packet header length displayed by tcpdump include the size of the IP packet as well as the data contained?
termcap
4 votes, 1 answer

tcpdump only showing output after stopping it

I am trying to see if I get ping packets through one interface but tcpdump shows nothing. However, as soon as I stop it (Ctrl + C), all the packets appear and the summary looks good. For example: 11:49:45.486887 IP 11.0.0.1 > 11.0.0.9: ICMP echo…
mosquetero
4 votes, 1 answer

tcpdump - shows VLAN tag, but filtering doesn't work?

I'm running tcpdump on a mirrored port and when I use a simple tcpdump command it shows the VLAN id: tcpdump -i eth1 -n -e 22:02:53.308715 78:31:c1:c6:c8:9e (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 114: vlan 10, p 0, ethertype…
SofaKng
4 votes, 1 answer

Unknown tcpdump packets

I was just doing tcpdump on a Linux server connected directly to a provider, and about every second and a half there is a line like this: 00:19:49.926700 00:15:c6:::** (oui Unknown) > 01:00:0c:cc:cc:cd (oui Unknown) SNAP Unnumbered, ui, Flags…
yayim
4 votes, 1 answer

Finding Google unusual traffic

We are a small Internet provider. In order to get Internet access we are using NAT (10-20 users per one public IP). And lately we've met with Google blocking services (captcha and full block) and we were unable to find a proper solution for our…
Alex
4 votes, 1 answer

tcpdump freezes and does not capture properly without an internet connection

When I don't have any internet connection and I want to capture network traffic between local computers, tcpdump acts like this: 1. I start tcpdump using the following command: tcpdump -ixenbr0 2. After I run it, tcpdump gets in freeze mode for about 1-2…
4 votes, 1 answer

Tcpdump/Iptables on bridge interface without assigned IP address

I have set up a bridge interface without an IP on it. $ brctl addbr br0 $ brctl addif tap0 $ brctl addif tap1 $ ifconfig br0 up As seen above, this bridge is connecting 2 TAP interfaces set up through OpenVPN. I am able to ping and send traffic…
ByteFlinger
4 votes, 4 answers

Monitor and collect statistics on TCP connection to src or dst host

I would like to collect stats on TCP/UDP packets sent between two hosts (A and B). I am looking for a tool to install on A and B to get the following information: kb/seconds packets/seconds (cumulative) bytes sent so far (cumulative) packets sent…
Skarab