Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

466 questions
4 votes · 1 answer

Making a TCP dump without packet loss

How to make a TCP dump where it is guaranteed that all the packets that really pass through the network are captured, and nothing is missed? Details: We have an issue with a 3rd party vendor who provides a solution on top of an SCTP stack, which he also…
Neighbour · 81 · 3

4 votes · 4 answers

Why do no packets except ICMP pass on Linux machines, but pass correctly on Windows?

There is a cluster on Proxmox. In the cluster there is a VM configured as a router (pfSense). In our net there are Windows and Linux machines. The problem: Windows machines have access to the internet, but Linux machines do not. All Linux machines…
kvaps · 253 · 3 · 9

4 votes · 1 answer

pretty-printing IP packets

I'm receiving IP packets using the SLIP protocol, and I'd like to pretty-print them similarly to how tcpdump does it. My program is able to decode the SLIP protocol and create a single string containing an IP packet if necessary. I couldn't find any…
pts · 435 · 1 · 5 · 16

4 votes · 2 answers

How to parse OpenFlow packets using tcpdump capture file programmatically

I am working with OpenFlow packets and am analyzing the network via tcpdump. Currently, I use the Wireshark GUI to parse the generated capture file and it does serve my need. However, I was wondering whether Wireshark has an API so the same can be…
spiritusozeans · 225 · 2 · 10

4 votes · 2 answers

How to use Linux to capture packets on eth0 and send everything to eth1?

Today I got an enterprise Internet connection together with a Sagemcom router. The first time it is connected to the Internet, it will spend 20 minutes upgrading the firmware. I would really like to capture all the traffic for this upgrade using a…
Sandra · 10,303 · 38 · 112 · 165

4 votes · 1 answer

tcpdump fails with permission denied on CentOS when using the rotated file option

When I use tcpdump on CentOS 6, I get a permission denied error even when I am root. My command is like this: sudo tcpdump -i eth0 -G 10 -w test.dmp port 80. I have tried with -Z root or -Z my_username but no luck: sudo tcpdump -i eth0 -Z root -G 10…
Sean Nguyen · 143 · 1 · 1 · 8

4 votes · 2 answers

tcpdump file size == traffic size?

I created a tcpdump file: tcpdump -i eth0 host xxx.208.xxx.59 -n -s 0 -vvv -w /tmp/dump.dmp. The duration was about 3 hours. This file is now 450 MB. Can I say now that the IP xxx.208.xxx.59 generated 450 MB of traffic in 3 hours?
Danzzz · 165 · 1 · 5

4 votes · 3 answers

TCP segments of an HTTP request in wrong order

My web-services server sometimes does not receive correct HTTP requests and returns "500 - Internal Server Error". Using tcpdump and Wireshark on the server, I found out that HTTP requests are split into 2 TCP packets, and that sometimes, the…
Pierre Laporte · 143 · 1 · 4

4 votes · 1 answer

How to view hostnames in traffic entering my web server (Apache)?

Is there any way I can view the hostnames used by incoming traffic that is accepted by my Apache web server? For example, say the web server is set up to process incoming traffic for an IP address, but there are several host names the web server can…
gkdsp · 582 · 1 · 6 · 19

4 votes · 2 answers

How to calculate packet loss from a binary tcpdump file

Our connection to just one remote server on port 80 over the internet is not working properly. (From time to time it is working and sometimes not.) It must be some kind of packet loss, because from other clients there are no problems. It is just…
JMW · 1,463 · 4 · 19 · 27

4 votes · 1 answer

Can tcpdump tell accessed port numbers?

I have a server with two NICs, and I would like to only have those ports open on eth1 that are being used. Question: How do I get tcpdump to tell me the port numbers that are being accessed on eth1?
Sandra · 10,303 · 38 · 112 · 165

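Four of the questions above (whether the capture file size equals the traffic size, how to find packet loss in a binary tcpdump file, which host names arrive at the web server, and which ports are being accessed) all come down to reading the pcap file that tcpdump -w writes. The Python below is an added example and is not code from any of the posts, from tcpdump or from Wireshark: it walks the pcap record headers and decodes plain Ethernet/IPv4/TCP, then accounts for file bytes versus on-wire bytes per direction, counts retransmitted data segments per flow, collects the destination ports of bare SYNs, and pulls HTTP Host headers out of the payload. build_frame, build_pcap and the sample capture (CLIENT, SERVER, example.test) are hypothetical helpers and constructed data, so it runs offline; VLAN tags, IPv6 and IP options are not handled.

```python
"""Added example: analyse a tcpdump -w (pcap) file for size, retransmissions, ports, hosts."""
import re
import struct
from collections import Counter

PCAP_GLOBAL_HDR = 24   # magic, version, thiszone, sigfigs, snaplen, linktype
PCAP_RECORD_HDR = 16   # ts_sec, ts_usec, incl_len (captured), orig_len (on the wire)
SYN, ACK = 0x02, 0x10


def build_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Hypothetical helper: minimal Ethernet/IPv4/TCP frame for the constructed sample."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames, snaplen):
    """Hypothetical helper: little-endian pcap (linktype 1 = Ethernet) honouring snaplen."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)]
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out.append(struct.pack("<IIII", 1_000_000 + i, 0, len(captured), len(frame)) + captured)
    return b"".join(out)


def iter_records(data):
    """Yield (incl_len, orig_len, captured_bytes) per pcap record; both byte orders."""
    magics = (0xA1B2C3D4, 0xA1B23C4D)              # microsecond and nanosecond pcap
    if struct.unpack("<I", data[:4])[0] in magics:
        e = "<"
    elif struct.unpack(">I", data[:4])[0] in magics:
        e = ">"
    else:
        raise ValueError("not a pcap file")
    off = PCAP_GLOBAL_HDR
    while off + PCAP_RECORD_HDR <= len(data):
        _, _, incl, orig = struct.unpack(e + "IIII", data[off:off + PCAP_RECORD_HDR])
        off += PCAP_RECORD_HDR
        yield incl, orig, data[off:off + incl]
        off += incl


def decode_tcp(frame):
    """Return IPv4/TCP fields from a captured frame, or None if it is not IPv4/TCP."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    ip_total = struct.unpack("!H", frame[16:18])[0]
    t = 14 + ihl
    if len(frame) < t + 14:
        return None
    sport, dport, seq, _ack, off_flags = struct.unpack("!HHIIH", frame[t:t + 14])
    doff = (off_flags >> 12) * 4
    return {
        "src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
        "sport": sport, "dport": dport, "seq": seq, "flags": off_flags & 0x1FF,
        "ip_total": ip_total,
        "data_len": ip_total - ihl - doff,          # from headers: valid even if -s truncated
        "payload": frame[t + doff:14 + ip_total],   # may be shorter than data_len if truncated
    }


def analyse(pcap_bytes, host):
    """Size accounting, per-flow retransmissions, bare-SYN target ports, HTTP Host headers."""
    r = Counter(file_bytes=len(pcap_bytes), captured_bytes=0, wire_bytes=0, records=0,
                truncated=0, host_sent=0, host_received=0, retransmissions=0)
    flow_end = {}                 # (src, dst, sport, dport) -> highest sequence byte seen
    syn_ports, hosts = Counter(), Counter()
    for incl, orig, frame in iter_records(pcap_bytes):
        r["records"] += 1
        r["captured_bytes"] += incl
        r["wire_bytes"] += orig
        r["truncated"] += incl < orig
        p = decode_tcp(frame)
        if p is None:
            continue
        if p["src"] == host:
            r["host_sent"] += p["ip_total"]
        if p["dst"] == host:
            r["host_received"] += p["ip_total"]
        if p["flags"] & (SYN | ACK) == SYN:          # bare SYN = new connection attempt
            syn_ports[f"{p['dst']}:{p['dport']}"] += 1
        key = (p["src"], p["dst"], p["sport"], p["dport"])
        # A data segment starting below the highest byte already seen in this flow is a
        # retransmission (or a late out-of-order copy); 32-bit wraparound is ignored here.
        is_retrans = key in flow_end and p["data_len"] > 0 and p["seq"] < flow_end[key]
        r["retransmissions"] += is_retrans
        end = p["seq"] + p["data_len"] + bool(p["flags"] & SYN) + bool(p["flags"] & 0x01)
        flow_end[key] = max(flow_end.get(key, 0), end)
        if not is_retrans:
            m = re.search(rb"\r\nHost:[ \t]*([^\r\n]+)", p["payload"])
            if m:
                hosts[m.group(1).decode("latin-1")] += 1
    r["pcap_overhead"] = r["file_bytes"] - r["captured_bytes"]   # 24 + 16 * records
    return {"sizes": dict(r), "syn_ports": dict(syn_ports), "hosts": dict(hosts)}


# Constructed sample: an HTTP exchange with a retransmitted request, a SYN to 443, one ARP frame.
CLIENT, SERVER = "10.0.0.5", "192.0.2.10"
REQUEST = b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"                  # 38 bytes
SAMPLE_FRAMES = [
    build_frame(CLIENT, SERVER, 40000, 80, 100, 0, SYN),
    build_frame(SERVER, CLIENT, 80, 40000, 5000, 101, SYN | ACK),
    build_frame(CLIENT, SERVER, 40000, 80, 101, 5001, ACK),
    build_frame(CLIENT, SERVER, 40000, 80, 101, 5001, ACK | 0x08, REQUEST),
    build_frame(CLIENT, SERVER, 40000, 80, 101, 5001, ACK | 0x08, REQUEST),   # retransmission
    build_frame(SERVER, CLIENT, 80, 40000, 5001, 139, ACK),
    build_frame(SERVER, CLIENT, 80, 40000, 5001, 139, ACK | 0x08, b"x" * 200),
    build_frame(CLIENT, SERVER, 40001, 443, 777, 0, SYN),
    b"\x00" * 12 + b"\x08\x06" + b"\x00" * 28,                                # ARP, skipped
]
SAMPLE_PCAP = build_pcap(SAMPLE_FRAMES, snaplen=96)   # like tcpdump -s 96: 254-byte frame is cut

if __name__ == "__main__":
    import json
    print(json.dumps(analyse(SAMPLE_PCAP, CLIENT), indent=2))
```

What the questions turn on: the file is larger than the traffic because every record carries a 16-byte header (plus the 24-byte file header), and it is smaller than the traffic whenever -s cuts frames, so byte counts should come from the IP total-length field rather than from captured bytes; a capture also holds both directions, so split by source and destination before attributing a volume to one host. Retransmissions are inferred from sequence numbers alone, which also flags late out-of-order copies, and none of this tells you whether the capture itself missed packets; for that, read the "packets dropped by kernel" counter tcpdump prints when it exits.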
4 votes · 1 answer

Daemon can't be started from fabric script or on boot - only interactively

I have a daemon script in /etc/init.d that performs some background packet logging using the tcpdump command. The script starts up fine using an interactive shell using sudo /etc/init.d/packetlog start. When I execute the same command through my…
rupello · 115 · 9

4 votes · 2 answers

What program sent which packet to the network

I would like to have a tcpdump-like program that shows which program sent a specific packet, instead of just getting the port number. This is a generic problem I've had on and off; sometimes when you have an old tcpdump file lying around you have no…
Erik Johansson · 261 · 2 · 8

4 votes · 1 answer

tcpdump and congestion window

Sniffing HTTP traffic to my (Linux) server, it seems like it always responds advertising a window size of 14. It isn't affected if I change the default initcwnd size (with ip route), and it doesn't increase if I download a big file, even if the speed…
foober · 61 · 4

4 votes · 2 answers

Can anyone share their experience with 10G Ethernet adapters on Linux?

I wonder if any of you have experience with 10G NICs (Intel, Myricom, SMC tiget, Napatech, or any other brand). The questions are: Was it easy to install, or a hassle? How does this adapter appear in the interface list (ifconfig), as a single one…
Tzury Bar Yochay · 727 · 11 · 24