Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) language for capture filters.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
12 votes, 1 answer

What does "oui Unknown" mean in tcpdump?

Please refer to example packet: 2010-08-22 21:35:26.571793 00:50:56:9c:69:38 (oui Unknown) > Broadcast, ethertype Unknown (0xcafe), length 74 0x0000: 0200 000a ffff 0000 ffff 0c00 3c00 0000 ............<... 0x0010: 0000 0000 0100…
Ankit Raj
12 votes, 2 answers

Understanding Tcpdump filter & bit-masking

I am trying to sniff the HTTP headers using tcpdump. This filter works well, but I can't understand it: (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0). I've googled it but can't find any useful info. Here is the whole tcpdump…
kingasmk
11 votes, 2 answers

I am having issues with tcpdump in terminal

I always end up with this error message: "tcpdump: ioctl(SIOCIFCREATE): Operation not permitted". Any ideas as to what I am doing wrong? I am running this on OS X Yosemite.
ccramer
11 votes, 2 answers

Parsing a pcap file taken from Wireshark using Java

I am working on converting a PCAP file taken from Wireshark using Java, without using native or ready-made libraries. I converted the bytes to a string directly just to check the meaningful parts of it. Then I tried to convert it from hexadecimal to…
MBH
11 votes, 3 answers

Tcpdump capturing Ethernet frames

How can I use tcpdump to capture Ethernet frames and display any frame sent or received by the local PC with one of the UDP, ARP, and ICMP protocols? I was trying this command: sudo tcpdump -e udp or arp or icmp but I think it's wrong.
user3680999
11 votes, 2 answers

tcpdump with multiple dst IP addresses?

Can I specify more than one dst IP address for tcpdump? If not, how shall I filter the information nicely if I only want the traffic for two specific destinations? Thank you very much!
Ra1nWarden
10 votes, 2 answers

How to resolve tcpdump dropped packets?

I am using tcpdump to capture network packets and am running into an issue where I start dropping packets. I ran an application which exchanges packets rapidly over the network, resulting in high network bandwidth. >> tcpdump -i eno1 -s 64 -B 919400 126716…
ankit patel
10 votes, 2 answers

How to see all Request URLs the server is doing (final URLs)

How do I list, from the command line, the URL requests that are made from the server (a *ux machine) to another machine? For instance, I am on the command line of server ALPHA_RE. I do a ping to google.co.uk and another ping to bbc.co.uk. I would like to…
Cedric
10 votes, 3 answers

Setting TCP receive window in C and working with tcpdump in Linux

I have a Linux box running 2.6.9-55.ELsmp, x86_64. I am trying to set the TCP receive window using the setsockopt() function in C. I try the following: rwnd = 1024; setsockopt(sock, SOL_SOCKET, SO_RCVBUF, (char *)&rwnd,…
Sonny
10 votes, 3 answers

How to save to a new file when the tcpdump file size reaches 10Mb

I want to capture my network traffic using tcpdump, and when the captured file reaches 10mb I want to start another file. How can I schedule this with tcpdump? Please be kind enough to help me. Thank you.
Kevin Ð Alwis
10 votes, 5 answers

How do I get a specific range of packets from a large pcap file with tcpdump?

I've got a huge pcap file (100GB) and I'm interested in a small number of packets which I know are numbers 5,000,000 to 5,000,020. How can I use tcpdump to read a pcap file, filter out packets by packet number (or range), and then write them out to…
growse
10 votes, 1 answer

libpcap can't capture IP fragments

I want to capture UDP packets which are destined to a local port; the filtering expression is like udp port 20000. I notice that if there is IP fragmentation of a UDP packet, libpcap can only capture the first IP fragment. I guess the reason is the…
misteryes
10 votes, 2 answers

tcpdump - how to filter based on tcp connection time / duration

Is there a possibility to filter tcpdump (live or after creating a dump) based on TCP connection time (connection duration)? I'm recording HTTP JSON-RPC traffic. I want to record only connections that are longer than, let's say, 1000 ms. In Wireshark…
Tereska
10 votes, 6 answers

Packet capture in RDMA?

Is there any utility like tcpdump in Linux for capturing the traffic which is going over an RDMA channel (InfiniBand/RoCE/iWARP)?
dhavale
10 votes, 1 answer

Client sends delayed FIN ACK (~500ms) to server

I have a node.js client (10.177.62.7) requesting some data from an HTTP REST service on a server (10.177.0.1). The client is simply using the node.js http.request() method (agent=false). The client is on an Ubuntu 11.10 box. Why does the client send FIN ACK after 475ms? Why…
Tereska