Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, utilizing the BPF (Berkeley Packet Filter) language.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0 votes, 1 answer

why the outputs of tcpdump behave differently from three times handshake's definition

I ran the tcp's connection test on mac os using tcpdump and telnet. Here is my command: telnet localhost 3000 tcpdump -i lo0 port 3000 and here is the result: 16:44:23.751241 IP6 localhost.59405 > localhost.hbci: Flags [S], seq 396289691, win…
jack-nie
0 votes, 0 answers

How to extract just the list of hosts a device is connecting to with tcpdump

Does anyone know how I might go about filtering tcpdump, so that I can ultimately get a list of hosts (not IP's) with time stamps? I need to try to identify all the websites our test devices are going to and at what time. The exact URL is not…
Michael Vescovo
0 votes, 1 answer

socket fin after syn ack on centos 7

I wrote a tcp server with epoll, it works right on Ubuntu, but strange things happen on CentOS7 occasionally. client a tries to connect to server b, the connection was built, the port for client is 59298, port for server is 8802, and the socketfd at…
songtzu
0 votes, 1 answer

what's the meaning of tcpdump option vnn

Here is a tcpdump command: # tcpdump -i eth0 -vnn udp -i means interface, eth0 is the interface name, udp means UDP protocol, but what's the meaning of this option [-vnn]?
beautifularea
0 votes, 1 answer

Android: Android kill tcpdump process

First, sorry for my bad English. I have developed an app in Android Studio. It calls tcpdump (Process process = Runtime.getRuntime().exec("su -c tcpdump -s 0 -v -w /sdcard/capture.pcap");). Initially it works correctly. However, tcpdump process is…
0 votes, 3 answers

tcpdump: Couldn't find user 'pcap'

I am using RHEL 5.4, tcpdump is already installed and there is also a user pcap, but I am getting the following message. [root@localhost ~]# tcpdump tcpdump: Couldn't find user 'pcap' [root@localhost ~]# Already tried searching the web, but there is no…
Altmish-E-Azam
0 votes, 1 answer

extracting packet size and passing it as parameter to script

Every time a packet arrives in the port eth1, I want to extract its packet size and pass this as parameter to my script cap.sh. My approach: I tried tcpdump -nttv -i eth1 It provided 1466352405.455975 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF],…
user2532296
0 votes, 1 answer

Capture the hostname only

I need to capture only the hostnames on the network I connect to. I don't need the full traffic. E.g. I expect to get only names like "www.google.com", "facebook.com", "plus.google.com" etc. and save them in a file. What TCPDUMP command should I run…
Chitholian
0 votes, 2 answers

TCPDump and TCPReplay to record and replay requests to application servers

Can TCPDump and TCPReplay be used to record (tcpdump) network traffic coming in to an application server/webserver/queue application etc., and then replayed using the dump on TCPReplay? Let's say I set up an Apache server and use TCPDump to capture the…
tsar2512
0 votes, 1 answer

HttpSession.invalidate() and TCPDUMP

I use TCPDUMP to track some applications' HTTP traffic, running under certain processes (IP@ + Port). When I invoke a page, TCPDUMP does indeed show the whole traffic behavior. Even when I sign in through a Login/Password form, the generated traffic…
0 votes, 1 answer

How to use tcpdump using a frequency and channel

I am trying to use tcpdump monitor mode to monitor wireless traffic. My mac by default looks for traffic in 5 MHz. Is there any way I can choose the frequency my wireless card does the monitoring in? Currently my command is: sudo tcpdump -iI…
user3257548
0 votes, 1 answer

Average tcpdump on each k sec/ms/

I have a small issue that I hope you could help me with. Let's take the following input file (generated with tcpdump): 00:20:30.812373 52 00:20:30.833678 52 00:20:30.971499 52 00:20:30.993451 52 00:20:31.067043 634 00:20:31.067075 98 00:20:31.068532…
Cosmin Mihu
0 votes, 1 answer

can i display the tcp status in wireshark?

I'm using tcpdump to generate some captures between a client, proxy and an origin server. I was wondering if it's possible, either within wireshark or through some param, to indicate in each packet what TCP status the device is at e.g. ip 10.20.30.34 --…
wmitchell
0 votes, 1 answer

Recursively Filter directory of .cap/.pcap Files With tshark

I am trying to apply a Wireshark filter to a directory of .cap files created by tcpdump. I have about 1000 .cap files awaiting filtering (we are intentionally capturing without filters to ensure we have all the data we need in case our hypothesis…
hyraxai
0 votes, 1 answer

Different order of packets in Wireshark vs tcpdump/libpcap?

I noticed that for the transfer of a one-packet file from a remote FTP site to localhost on Linux, Wireshark can always capture the packets in correct order but not tcpdump/libpcap or a simple recvfrom on RAW_PACKET with promiscuous mode on. In the…
jiping-s