Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) language to select the packets it captures.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
18 votes, 2 answers

Windows 10 bash tcpdump: socket: Invalid argument

I am using Windows 10 bash to use tcpdump. From a tutorial I found that the command to listen to an interface is: tcpdump -i eth0 // eth0 is the Ethernet interface; tcpdump -i any // to listen to any interface. In both cases I am getting tcpdump: socket: Invalid…
Al-Alamin

18 votes, 1 answer

How to filter MAC addresses using tcpdump?

I am running tcpdump on DD-WRT routers in order to capture uplink data from mobile phones. I would like to listen only to some MAC addresses. To do this I tried to run the command using a syntax similar to Wireshark: tcpdump -i prism0 ether src[0:3]…
Giovanni Soldi

18 votes, 3 answers

Capture RTP and SIP Traffic using tcpdump

I need to capture SIP and RTP traffic to find a problem with something. I can capture SIP messages fine but am having a problem with capturing the RTP traffic. I've tried the following but this is only getting out the SIP packages and no…
Boardy

16 votes, 1 answer

Cross Compile - tcpdump for x86

I need a tcpdump binary for android-x86. Here is what I have done: sudo apt-get install gcc-i686-linux-android; sudo apt-get install byacc; sudo apt-get install flex; wget http://www.tcpdump.org/release/tcpdump-4.9.0.tar.gz; wget…
user3806649

16 votes, 2 answers

Handling tcpdump output in Python

I'm trying to handle tcpdump output in Python. What I need is to run tcpdump (which captures the packets and gives me information), read the output and process it. The problem is that tcpdump keeps running forever and I need to read the packet…
ashish g

16 votes, 3 answers

Easiest way to convert pcap to JSON

I have a bunch of pcap files, created with tcpdump. I would like to store these in a database, for easier querying, indexing etc. I thought MongoDB might be a good choice, because storing a packet the way Wireshark/TShark presents them as JSON…
Erik

15 votes, 1 answer

How to capture only HTTP with tcpdump with Linux

First I capture all data with: tcpdump -i any -s 0 -w /tmp/http.cap. Now I want to capture 'only http'. I tried to add: and port http, but it is incorrect. Thanks
user2302639

15 votes, 1 answer

Filter a pcap dump file for a specific time range

Is there any easy way to create a pcap file for the packets related to a specific datetime range, maybe using tshark, tcpdump or another command-line tool? tshark -R with frame.time seems promising, but I haven't been able to work that out…
Filippo Vitale

14 votes, 2 answers

tcpdump: showing the absolute timestamp (date + time) of a pcap file

I want to see the absolute timestamp of the packets in a pcap file using tcpdump. When I use the command tcpdump -r mypcapfile it only shows the time: 03:21:14.804778 IP static.vnpt.vn.51193 > 192.168.0.146.smtp. How can I read the date as well?
Alex

14 votes, 2 answers

Subprocess Variables

    import subprocess
    raw = raw_input("Filename:").lower()
    ip = raw_input("Host:").lower()
    cmd = subprocess.call("tcpdump -c5 -vvv -w" + " raw " + " ip ",shell=True)

So this is my script. Everything works besides one key objective,…
John Riselvato

14 votes, 2 answers

ICMP request received, but doesn't reply

I set up 3 CentOS servers, configured server2 as a router between 192.168.1.0/24 and 30.0.0.0/24, but ping can't get through. I tried ping 192.168.1.62 from server1; according to tcpdump on server3, the ICMP request is received, but it doesn't generate…
Robby

14 votes, 6 answers

UDP multicast client does not see UDP multicast traffic generated by tcpreplay

I have two programs: server ... it generates UDP traffic on a chosen multicast; listener ... it prints UDP traffic on a chosen multicast (it subscribes to a multicast and prints whatever it receives). When I run the server on…
Matej Košík

13 votes, 3 answers

"tcpdump -w 1.pcap" works, but "tcpdump -C 100 -w 1.pcap" - permission denied

I need to limit the file size when I run "tcpdump -w 1.pcap". I try to do this with the key "-C", but when I add it I get the error "permission denied". So: > sudo tcpdump -w 1.pcap tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535…
fd8

13 votes, 0 answers

UDP packet caught by tcpdump, but not received by socket

I wrote a rawudp program to send UDP packets via a raw socket, following the webpage http://www.tenouk.com/Module43a.html. Then I wrote a UDP server to listen for UDP packets on a given port. The code looks like follows: ... sd = socket(AF_INET,…
Eric Lee

12 votes, 2 answers

How can I see the full snaplen capture using tcpdump?

I can't seem to see all the data of a capture when using tcpdump. Specifically, I seem to be missing 6 bytes off the head of the frame and I'm wondering if anyone can explain why. To illustrate, I set up an Ubuntu instance on VMware in a host-only…
Simon Chiang
