Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) language for capture filters.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0 votes, 2 answers

tcpdump. Capture packets to target host

I have tcpdump on one device and I know the IP of another device. How can I get the packages which the devices are using for communication? Now I use something like tcpdump -i -s 0 -w but I need to catch the initial packages too. Tcpdump…
Stepan Loginov
  • 1,667
  • 4
  • 22
  • 49
0 votes, 1 answer

How to save Ethernet frames in pcap format

I am writing an application that listens to a network interface, picks some frames, edits them and then saves them to disk. Very similar to tshark and tcpdump. My code is written in C++. However, I want to save my packets in pcap format and I cannot…
Ezra
  • 1,401
  • 5
  • 15
  • 33
0 votes, 1 answer

Packet received on monitor interface, but not main interface

I am building UDP packets from scratch (including 802.11 MAC, LLC, IP and UDP headers) and injecting them into a wireless network using LORCON. The receiving host has an interface wlan0 in regular, managed mode (but not connected to any AP), and…
Jon Gjengset
  • 4,078
  • 3
  • 30
  • 43
0 votes, 2 answers

How to capture only the first few packets of every TCP session?

In my stress test using jmeter, I am trying to find out the root cause of connection reset, hostconnect exception and such errors on the jmeter client. The only way I can think of is to capture the packets and see if I am getting tcp requests and what…
Manish Sapariya
  • 3,575
  • 3
  • 25
  • 34
0 votes, 1 answer

Reading tcpdump header length command

This is my first post and I absolutely <3 this site! So much great content! So, I have the following TCPDump command I want to understand what it is asking (in plain English). tcpdump 'tcp[12] & 80 !=0' Is it asking to grab all TCP packets on byte…
John
  • 13
  • 3
0 votes, 2 answers

pcap: Detect the presence or absence of radiotap header

How can I detect the presence or absence of the radiotap data in the raw bytes of a pcap file? I am not using libpcap but rather examining the payload myself. It seems to me that I can create a new file with tcpdump that includes this feature but…
Flan
  • 31
  • 5
0 votes, 1 answer

tcpdump can't pick up mobile device traffic

I have a wireless USB dongle running in monitor mode. By executing the following command I am able to pick up the source and destination MAC address of packets sent between APs and laptops, but not between APs and mobile devices. tcpdump -i wlan0…
user1658296
  • 1,398
  • 2
  • 18
  • 46
0 votes, 1 answer

Error running a simple libpcap example

I am trying to compile a simple libpcap example, #include #include int main(int argc, char *argv[]) { char *dev; char errbuf[PCAP_ERRBUF_SIZE]; struct bpf_program fp; char filter_exp[] = "port 23"; bpf_u_int32 mask; …
user1653150
  • 353
  • 1
  • 3
  • 15
0 votes, 1 answer

Why doesn't tcpdump catch packet after specifying ip?

When I use tcpdump -i eth0 -nn, you can see the packet from 192.168.19.101 (I don't have enough reputation to post a picture), but when I specify the IP, typing tcpdump -i eth0 -nn host 192.168.19.101, tcpdump captured no packets but received some packets. WHY?
Libraco
  • 141
  • 2
  • 11
0 votes, 1 answer

Reading a list of PCAP files

Anyone here experienced in opening a list of PCAP files in one shot and outputting the list of PCAP files to one output file? For example I have 1.pcap, 2.pcap and 3.pcap and I would like to do some processing on 1.pcap, 2.pcap and 3.pcap, then combine…
CheeHow
  • 875
  • 4
  • 12
  • 27
0 votes, 0 answers

Python, how to read from stdout of ongoing process like tcpdump over Ubuntu

I am trying to read from tcpdump output using python. I am using subprocess to read from tcpdump stdout on fedora, redhat, SUSE, but actually my script doesn't work on Ubuntu. My question sounds like this…
user1680544
0 votes, 1 answer

Should I be using sockets or packet capture? perl

I'm trying to spec out the foundations for a server application whose purpose will be to: 1. 'receive' tcp and/or udp packets, 2. interpret the contents (i.e. header values). To add more detail, this server will receive 'sip invites' and respond with…
BIGMOOSE
  • 146
  • 7
0 votes, 1 answer

Ping with tcpflow and tcpdump

When I use tcpflow icmp and ping I get no answer, but when I use tcpdump icmp and ping I'm getting an answer. Is something wrong with my tcpflow configuration, or should it be like that?
akuzma
  • 1,592
  • 6
  • 22
  • 49
0 votes, 1 answer

Is it possible to not include retransmitted packets from a libpcap capture?

My objective is to obtain in a single capture the sent TCP packets from a source host, NOT including the retransmitted packets. Is it possible to not include the retransmitted packets in the capture? I'm using libpcap but any help with…
tremendows
  • 4,262
  • 3
  • 34
  • 51
0 votes, 1 answer

Does CentOS 6.4 always do DNS reverse queries?

When I used tcpdump to monitor network traffic, I found a lot of DNS reverse query records. Like this: A_IP.55276 > DNS_IP.domain: 9247+ PTR? Query IP.in-addr.arpa. (45) DNS_IP.domain > A_IP.55276: 9247* 1/2/2 Query IP.in-addr.arpa. PTR…