Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) filter language

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0
votes
1 answer

TCPDUMP's Network Packets in IPv6 Format

I am new to the tcpdump tool and I am working on the analysis of network packets. I have analysed the IPv4 IP packets generated in the case of WiFi. But now I am running my Android phone on the SIM's 3G network, which generates IPv6 packets, completely…
Mohd Irfan
  • 16
  • 2
0
votes
1 answer

Libpcap filter strings using "vlan" are behaving weirdly

I am getting some weird errors when using libpcap pcap_compile. Please let me know if these are known issues or I am making some BPF formatting/ordering mistakes. For example: 1) if I pass (protocol_filter and vlan_filter), I see no packets. Like…
user3851499
0
votes
0 answers

Find the SYN and ACK flags from the TCP Packets By TCPDUMP

I am new to tcpdump. I have the packets by running the tcpdump command, and the packets are in the following way as given below: I want to know the connection establishment by using the SYN-ACK and the connection finished by using the FIN-ACK, so my…
Mohd Irfan
  • 16
  • 2
0
votes
1 answer

Why can't the Python tcpdump command capture packets to a file?

I have the following tcpdump command written in Python but it doesn't give me any output file with the requested packets, although I have tcpdump installed and tested on my Ubuntu VM: command = 'sudo /usr/sbin/tcpdump -i eth1 {} -c {} -s 0 -w…
0
votes
1 answer

Read libpcap file with specific endianness

I wrote a C program to read a .pcap file. What fogs me is that the data I read had a different endianness from Wireshark. I'm working on x86 arch, which as far as I can see is little-endian. So, can I read the .pcap file as big-endian? How? Code…
Galaxy
  • 1,129
  • 11
  • 27
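A classic pcap file does not let the reader choose a byte order: the writer's byte order is announced by the 4-byte magic number at offset 0 (a1 b2 c3 d4 on disk means the writer was big-endian, d4 c3 b2 a1 little-endian), and every global-header and record-header field must be read in that order, whatever the reader's CPU is. The example below is added here and is not the asker's program or an answer from the page; it shows the check with POSIX od and sh only. The two sample files are constructed inline and the function names are ours.

```shell
#!/bin/sh
# Added example (not from the question or from libpcap): inspect a classic pcap
# global header honouring the byte order announced by its magic number.

# Write a 24-byte pcap global header (version 2.4, snaplen 65535, linktype 1 =
# Ethernet, no packet records) in the byte order named by $1 to file $2.
# Constructed sample data; the byte layout follows the classic pcap format.
make_sample_pcap() {
    case "$1" in
        little) printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$2" ;;
        big)    printf '\241\262\303\324\000\002\000\004\000\000\000\000\000\000\000\000\000\000\377\377\000\000\000\001' > "$2" ;;
        *) echo "usage: make_sample_pcap little|big FILE" >&2; return 1 ;;
    esac
}

# Print "little", "big" or "unknown" for the file in $1, based on the magic.
# a1b23c4d / 4d3cb2a1 are the nanosecond-timestamp variants of the same format;
# 0a0d0d0a would be pcapng, which has a different header layout entirely.
pcap_endianness() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|a1b23c4d) echo big ;;
        d4c3b2a1|4d3cb2a1) echo little ;;
        *) echo unknown ;;
    esac
}

# Print the unsigned 32-bit field at byte offset $2 of file $1, decoded in
# the file's own byte order, as a decimal number.
pcap_u32() {
    order=$(pcap_endianness "$1")
    bytes=$(od -An -tx1 -j "$2" -N4 "$1")
    set -- $bytes                      # $1..$4 are now the four hex bytes
    case "$order" in
        big)    hex="$1$2$3$4" ;;
        little) hex="$4$3$2$1" ;;      # reverse the on-disk order
        *) echo "unknown pcap magic" >&2; return 1 ;;
    esac
    echo $((0x$hex))
}

# Fixed offsets inside the 24-byte global header.
pcap_snaplen()  { pcap_u32 "$1" 16; }
pcap_linktype() { pcap_u32 "$1" 20; }

# Demo: build both variants in a temp dir and print what each announces.
tmp=$(mktemp -d)
for order in little big; do
    make_sample_pcap "$order" "$tmp/$order.pcap"
    echo "$order.pcap: magic says $(pcap_endianness "$tmp/$order.pcap"), snaplen $(pcap_snaplen "$tmp/$order.pcap"), linktype $(pcap_linktype "$tmp/$order.pcap")"
done
rm -rf "$tmp"
```

Both files decode to snaplen 65535 and linktype 1 even though their bytes differ, which is the point: a C reader that uses the host's byte order unconditionally will show swapped values for files written on the other kind of machine, and the fix is to branch on the magic (or let libpcap's pcap_open_offline() do it) rather than to ask for a particular endianness.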
0
votes
1 answer

Connectivity issue - tcpdump reports ping a success, ping itself does not

I am having some connectivity issues. The ARP table is not populated even though the ARP requests are successfully transferred on the wire, which leads to an unsuccessful ping. When I add an ARP entry manually, tcpdump shows replies but not ping…
0
votes
1 answer

How to read a pcap file and save the data using cli?

I can write a program which does it, but actually, is there a way to do it in a one-liner from the CLI? I don't care about the time it takes; I prefer to have some standard solution instead of developing and maintaining my own code. By data I mean everything…
e271p314
  • 3,841
  • 7
  • 36
  • 61
0
votes
1 answer

Building ssldump on Ubuntu

Has anyone built ssldump on Ubuntu lately? I am having trouble building http://downloads.sourceforge.net/project/ssldump/ssldump/0.9b3/ssldump-0.9b3.tar.gz - it appears to be referencing libraries that are too old for Ubuntu 12.04. I am trying…
vrtx54234
  • 2,196
  • 3
  • 30
  • 53
0
votes
1 answer

ngrep - inverted port results

I'm curious if ngrep can do inverted matches based on ports. I've tried something along the lines of: ngrep -d any -v port 22 interface: any filter: ( port 22 ) and (ip or ip6) And although it says the filter is for 'port 22', it doesn't pick up…
hobbes
  • 467
  • 1
  • 7
  • 22
0
votes
1 answer

Sending and Monitoring DNS Queries

I'm trying to monitor DNS queries on my server using tcpdump, but tcpdump doesn't seem to be picking up the request, or it's not being sent to my server. I run tcpdump on the server like so: tcpdump -vvv -s 0 -l -n port 53 I then send a DNS…
0
votes
0 answers

How to decrypt packet data?

I have captured the packets on an Android device using tcpdump, but the packet data is in an encrypted format. How can I get the decrypted data? I have found the packet data as... Actually I got more information in this format which is not human…
Sher Ali
  • 5,513
  • 2
  • 27
  • 29
0
votes
1 answer

Parsing raw .pcap flow in python

Let me first describe the architecture of my project. I am dumping packets from a router by using tcpdump ... | nc 1111 which translates them to a virtual machine, which has lots and lots of memory for this purpose. On the virtual machine…
PaulOverflow
  • 1,091
  • 1
  • 10
  • 12
0
votes
1 answer

pass as parameter tcpdump output

I want to execute something like this: sudo tcpdump -n dst port 40010 -X, pass each packet received to the bash file read.sh, and for each packet received execute read.sh. It's like sudo bash read.sh -y (tcpdump -n dst port 40010 -X) Or tcpdump -n dst…
Ratiess
  • 59
  • 1
  • 7
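Command substitution, as in read.sh -y (tcpdump ...), would wait for tcpdump to exit and then hand the whole capture over as one argument, which is not what is wanted. The usual shape is a pipeline: run tcpdump with -l so its stdout is line-buffered, and have the consumer split the stream into packets. With -X every packet is one unindented header line followed by indented hex-dump lines, so a packet boundary is simply "the next line that does not start with whitespace". The example below is added here and is not the asker's script or an answer from the page; the sample capture is constructed and the function names are ours.

```shell
#!/bin/sh
# Added example (not from the question): split `tcpdump -l -n -X` output into
# packets and hand each one to a shell function on its stdin.

# each_packet HANDLER: read tcpdump -X text on stdin. A packet starts at every
# line that is not indented; the indented hex lines that follow belong to it.
# HANDLER is run once per packet with the packet's text on its stdin.
each_packet() {
    handler=$1
    pkt=''
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            [[:space:]]*)                # continuation (hex dump) line
                pkt="$pkt
$line" ;;
            *)                           # new header line: flush the previous packet
                if [ -n "$pkt" ]; then printf '%s\n' "$pkt" | "$handler"; fi
                pkt=$line ;;
        esac
    done
    if [ -n "$pkt" ]; then printf '%s\n' "$pkt" | "$handler"; fi
}

# Example handler: print endpoints and how many bytes the hex dump carries.
# A hex line looks like "0x0010:  0a00 0002 d431 ...  ASCII", so the byte
# groups are fields 2..9 (4 hex digits each, or 2 for a trailing odd byte).
summarize_packet() {
    awk 'NR == 1 { src = $3; dst = $5; sub(/:$/, "", dst) }
         NR > 1  { for (i = 2; i <= NF && i <= 9; i++) {
                       if ($i ~ /^[0-9a-f][0-9a-f]([0-9a-f][0-9a-f])?$/) bytes += length($i) / 2
                       else break } }
         END     { printf "%s -> %s %d bytes\n", src, dst, bytes }'
}

# Constructed sample of `tcpdump -n -X udp dst port 40010` output: two UDP
# datagrams carrying "hello" and "hi". tcpdump indents with a tab; spaces are
# used here and match the same [[:space:]] pattern.
sample_dump() {
cat <<'EOF'
12:00:00.000001 IP 10.0.0.1.54321 > 10.0.0.2.40010: UDP, length 5
    0x0000:  4500 0021 1234 4000 4011 0000 0a00 0001  E..!.4@.@.......
    0x0010:  0a00 0002 d431 9c4a 000d 0000 6865 6c6c  .....1.J....hell
    0x0020:  6f                                       o
12:00:00.000002 IP 10.0.0.3.54322 > 10.0.0.2.40010: UDP, length 2
    0x0000:  4500 001e 1235 4000 4011 0000 0a00 0003  E....5@.@.......
    0x0010:  0a00 0002 d432 9c4a 000a 0000 6869       .....2.J....hi
EOF
}

# Demo on the constructed capture (live use: tcpdump -l -n -X dst port 40010 | each_packet summarize_packet)
sample_dump | each_packet summarize_packet
```

To run the original read.sh once per packet, replace summarize_packet with a function that does nothing but bash read.sh, and let read.sh read the packet text from its stdin. Keep -l on the tcpdump side, otherwise stdout is block-buffered when it is a pipe and the handler sees packets only in 4 KiB bursts.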
0
votes
1 answer

How to print IP address using tcpdump and awk?

I used this command but I am unable to print multiple values before each '.'. This command is only printing the 192 of 192.168.113.2. I want to print the rest as well on the same line. sudo tcpdump -i 2 -c 20 -n | awk -F '>' '{print $2}' | awk -F ':'…
user3481478
  • 387
  • 1
  • 3
  • 19
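Splitting on '.' loses the address because tcpdump prints endpoints as host.port, so 192.168.113.2.54321 is five dot-separated fields and the port is the last one. The robust move is to take the endpoint field whole and strip its final ".component". The example below is added here and is not the asker's command or an answer from the page; the sample lines are constructed and the function names are ours.

```shell
#!/bin/sh
# Added example (not from the question): pull source and destination addresses
# out of `tcpdump -n` lines in a single awk pass.

# Lines look like:
#   12:00:00.000001 IP 192.168.113.2.54321 > 10.0.0.1.80: Flags [S], ...
# so $2 is the protocol, $3 the source endpoint, $4 ">", $5 the destination
# endpoint with a trailing colon. Non-IP lines (ARP etc.) are skipped.
tcpdump_endpoints() {
    awk '($2 == "IP" || $2 == "IP6") && $4 == ">" {
        src = $3
        dst = $5
        sub(/:$/, "", dst)          # tcpdump appends ":" to the destination
        sub(/\.[^.]*$/, "", src)    # drop the last ".component", i.e. the port
        sub(/\.[^.]*$/, "", dst)    # (numeric or a service name); the same rule
        print src, dst              # works for IPv6, where the port also follows "."
    }'
}

# Unique hosts seen, one per line.
tcpdump_hosts() {
    tcpdump_endpoints | tr ' ' '\n' | sort -u
}

# Constructed sample of `tcpdump -n` output, including an ARP line that must
# be ignored and an IPv6 line.
sample_lines() {
cat <<'EOF'
12:00:00.000001 IP 192.168.113.2.54321 > 10.0.0.1.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 10.0.0.1.80 > 192.168.113.2.54321: Flags [S.], seq 100, ack 2, win 65160, length 0
12:00:00.000003 ARP, Request who-has 10.0.0.1 tell 192.168.113.2, length 28
12:00:00.000004 IP6 2001:db8::1.443 > 2001:db8::2.55000: Flags [.], ack 1, win 500, length 0
EOF
}

# Demo (live use: sudo tcpdump -l -n -i eth0 -c 20 | tcpdump_endpoints)
sample_lines | tcpdump_endpoints
```

Pass -l to tcpdump when piping into awk so lines arrive as packets are captured rather than in buffered bursts, and -n (or -nn) so addresses are not replaced by resolved names.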
0
votes
2 answers

tcpdump - How to check if server received packet (acknowledged)

I am running tcpdump on my server to capture the traffic between my server (ServerA) and a remote server (ServerB). I do not know how to properly read the output from tcpdump. Could someone point out if ServerB is acknowledging that the packets being…
Ali
  • 1,442
  • 1
  • 15
  • 29
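Both this question and the earlier "Find the SYN and ACK flags from the TCP Packets By TCPDUMP" come down to reading the same fields of a tcpdump line: Flags [S] is a SYN, [S.] a SYN-ACK, [F.] a FIN, and "seq a:b, ..., length n" followed later by the peer's "ack b" means the peer has acknowledged everything up to byte b. At capture time tcpdump can select these directly, for example 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' for pure SYNs, 'tcp[tcpflags] & (tcp-syn|tcp-ack) == (tcp-syn|tcp-ack)' for SYN-ACKs and 'tcp[tcpflags] & tcp-fin != 0' for FINs. The example below instead post-processes the text output and is added here; it is not the askers' commands or an answer from the page. The sample capture is constructed and the function names are ours.

```shell
#!/bin/sh
# Added example (not from either question): follow TCP handshake, teardown and
# data acknowledgement in `tcpdump -n` output with awk.

# A TCP line has the shape
#   <time> IP <src> > <dst>: Flags [S.], seq 5000, ack 1001, win 65160, ..., length 0
# After the handshake tcpdump prints relative sequence numbers ("seq 1:101")
# unless -S is given; absolute or relative, the comparison below is the same.
tcp_track() {
    awk '$2 ~ /^IP6?$/ && $4 == ">" && $6 == "Flags" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        flags = $7; gsub(/[^A-Z.]/, "", flags)       # "[S.]," -> "S."
        seqend = ""; ack = ""; len = 0
        for (i = 8; i <= NF; i++) {
            if ($i == "seq")    { s = $(i + 1); sub(/,$/, "", s)
                                  n = split(s, p, ":"); seqend = (n == 2 ? p[2] : p[1]) }
            if ($i == "ack")    { ack = $(i + 1); sub(/,$/, "", ack) }
            if ($i == "length") { len = $(i + 1) }
        }
        conn = src " -> " dst
        if (flags == "S")  printf "%s SYN (connection attempt)\n", conn
        if (flags == "S.") printf "%s SYN-ACK (peer accepted)\n", conn
        if (flags ~ /F/)   printf "%s FIN (closing)\n", conn
        # Remember the last data byte sent in this direction that still needs an ACK.
        if (len > 0 && seqend != "") unacked[conn] = seqend
        # An ACK travelling the other way covers every byte below its number.
        rev = dst " -> " src
        if (ack != "" && (rev in unacked) && ack + 0 >= unacked[rev] + 0) {
            printf "%s acknowledged up to %s\n", rev, unacked[rev]
            delete unacked[rev]
        }
    }
    END { for (c in unacked) printf "%s UNACKNOWLEDGED data ending at %s\n", c, unacked[c] }'
}

# Constructed sample: handshake, 100 bytes that the server ACKs, 40 bytes it
# never ACKs, then a FIN from the client.
sample_tcp() {
cat <<'EOF'
12:00:00.000001 IP 10.0.0.5.44000 > 10.0.0.9.443: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
12:00:00.000002 IP 10.0.0.9.443 > 10.0.0.5.44000: Flags [S.], seq 5000, ack 1001, win 65160, options [mss 1460], length 0
12:00:00.000003 IP 10.0.0.5.44000 > 10.0.0.9.443: Flags [.], ack 1, win 502, length 0
12:00:00.000004 IP 10.0.0.5.44000 > 10.0.0.9.443: Flags [P.], seq 1:101, ack 1, win 502, length 100
12:00:00.000005 IP 10.0.0.9.443 > 10.0.0.5.44000: Flags [.], ack 101, win 509, length 0
12:00:00.000006 IP 10.0.0.5.44000 > 10.0.0.9.443: Flags [P.], seq 101:141, ack 1, win 502, length 40
12:00:00.000007 IP 10.0.0.5.44000 > 10.0.0.9.443: Flags [F.], seq 141, ack 1, win 502, length 0
EOF
}

# Demo (live use: sudo tcpdump -l -n host ServerB and tcp | tcp_track)
sample_tcp | tcp_track
```

The "UNACKNOWLEDGED" line at the end is the answer to the original question: a segment ServerB received and accepted is followed by a packet from ServerB whose ack number is at least that segment's end, and one that is not will either be retransmitted by ServerA (same seq range again) or stay unacknowledged until the capture ends.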