Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, utilizing the BPF (Berkeley Packet Filter) language.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
7 votes, 3 answers

24/7 packet capture in Android using tcpdump

I would like to get packet level data traffic captures (.pcap) in Android during a week (in several files if possible). I thought that I could use tcpdump via Shark, however I find that the capture stops after some time. The biggest packet capture I…
Ekhi
7 votes, 2 answers

Tcpdump on openwrt

I'm looking for a tcpdump binary that runs on openwrt. The website only shows source code that must be built. Can anybody point me to a location that contains a prebuilt binary? Thanks.
Arun
7 votes, 1 answer

Getting stdout from a tcpdump subprocess after terminating it

I am running tcpdump in a subprocess like this: pcap_process = subprocess.Popen(['tcpdump', '-s 0', '-w -', 'tcp'], stdout=subprocess.PIPE, stderr=subprocess.PIPE) The -w - argument is important: it tells tcpdump…
sk29910
7 votes, 2 answers

Plot RTT histogram using wireshark or other tool

I have a little office network and I'm experiencing a huge internet link latency. We have a simple network topology: a computer configured as router running ubuntu server 10.10, 2 network cards (one to internet link, other to office network) and a…
LucasBr
7 votes, 2 answers

tcpdump filter out arp and all stp packets

I need to capture on an interface with tcpdump and filter out all arp and stp/rstp packets. I tried this command, which does filter out arp, but I still see rstp packets: tcpdump -n -i ens224 not arp and not stp Also tried this, still see rstp…
Dave
7 votes, 1 answer

tcpdump error message "That device doesn't support monitor mode"

Running Linux on a Xilinx ZCU102 development board, using a 1000BASE-X & Tri-Mode Ethernet MAC. I can send pings out of the Ethernet port, but when I run tcpdump to try and show that packets are coming into the system... I get a strange error…
CraigDavid
7 votes, 3 answers

Python with tcpdump in a subprocess: how to close subprocess properly?

I have a Python script to capture network traffic with tcpdump in a subprocess: p = subprocess.Popen(['tcpdump', '-I', '-i', 'en1', '-w', 'cap.pcap'], stdout=subprocess.PIPE) time.sleep(10) p.kill() When this script completes its…
olpo.graphy
7 votes, 2 answers

How intrusive is tcpdump?

I looked around to find documentation on tcpdump internals, but I have not found anything yet. So my question is: how intrusive is tcpdump on a computer? How do I evaluate the amount of resources (memory or CPU) dedicated to the analysis of the traffic?
Fopa Léon Constantin
7 votes, 0 answers

JAXB SOAP Client outbound message has empty soap body ()

I am using a mocked service in SOAP UI as my server side to get a response for a soap request I make from my Java web service client. My Java web service client forms a proper request but I get below response: 03-05-2016 00:03:00,562 |ERROR…
dev
7 votes, 3 answers

Sniffing and displaying TCP packets in UTF-8

I am trying to use tcpdump to display the content of tcp packets flowing on my network. I have something like: tcpdump -i wlan0 -l -A The -A option displays the content as ASCII text, but my text seems to be UTF-8. Is there a way to display UTF-8…
Alexandre Dupuis
7 votes, 1 answer

How to get tcpdump to save to a file without using binary?

I want to capture the packet content description and the packet data to a file with tcpdump for later inspection. Currently I am using the -w option to save packet data to a file: tcpdump -c 100 -w /root/tcpdump.txt This saves the packet data to…
Chris
7 votes, 1 answer

tcpdump filter src dst port

I need to sniff VoIP traffic on port 5060. At the same time I need to exclude all packets where the src port is 5060 and the dst port is 5061. I need something like: tcpdump -i any -vvv -s0 port 5060 and (not src port 5060 and not dst port 5061) but the…
ky4k0b
7 votes, 1 answer

How to edit a wireshark pcap to change the order of packets

I have a pcap file captured using wireshark. Suppose the pcap has 6 packets numbered from 1 to 6 as shown below. Now I want to edit this pcap file so that I get the packets in some different order. For example, if the original pcap packets are…
7 votes, 1 answer

frame contains "\x03\x00\x0e\xa8" display filter in wireshark displays packets not containing these bytes

I used the following filter in wireshark to find the packets containing these bytes: frame contains "\x03\x00\x0e\xa8" but when I see the result of this filter, it displays more than 1k packets which don't even contain these bytes. For example, it…
6 votes, 1 answer

Delay of incoming network package on Linux - How to analyse?

The problem is: sometimes tcpdump sees that the receipt of a UDP packet is held back until the next incoming UDP packet, although the network tap device shows it goes through the cable without delay. Scenario: my profinet stack on Linux (located in…
falkb