Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, utilizing the BPF (Berkeley Packet Filter) language for capture filters.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0 votes, 1 answer

Application with libpcap can only capture all the packets when tcpdump is opened, or can only capture a few packets. How to resolve it? Thanks

I have written an application which uses libpcap to capture packets. But the application can only capture a few packets; the traffic is about several kbps. But the captured traffic will be over 10 Mbps if tcpdump is opened. When tcpdump is closed,…

asked by happy
0 votes, 1 answer

tcpdump monitor mode on OS X does not show other machine's packets

I'm using a MacBook Air with OS X 10.8.4 and I want to sniff the packets within the same Wi-Fi network. I installed tcpdump and I can get my own machine's packets. But I cannot get the packets of my iPhone which is in the same Wi-Fi network. I…

asked by aisensiy
0 votes, 2 answers

Python subprocess: stderr only saving the first line. Why?

I am running tcpdump from within Python and I would like to know how many packets are dropped by the kernel. When run on a command line, tcpdump looks like this: me@mypc:$ sudo tcpdump -w myPackets.cap -i eth0 ip tcpdump: listening on eth2,…

asked by Ricky Robinson
0 votes, 1 answer

tcpdump returns 0 packets captured, received and dropped

I am currently trying to debug a networking problem that has been plaguing me for almost three weeks. I'm working with OpenStack and can create virtual machines and networks fine but cannot connect to them at all. When I run this command from the…

asked by PT_C
0 votes, 3 answers

How can I identify the time a TCP packet takes between two nodes?

I need to identify the transfer time of a packet. More specifically I need: the time when the packet leaves node A, and the time when the packet arrives at node B. Is there any way of identifying the packet without error? I was thinking of using…

asked by tremendows
0 votes, 1 answer

Piping the output of tcpdump multiple times

In bash, usually you cannot send the output of tcpdump to an awk expression, as explained in this Stack Exchange question. This prints nothing: sudo tcpdump -i en1 -n -q 'tcp[13]=18 and src port 80' | awk '{$0=$3; sub(".80$",""); print $0}' The…

asked by shardbearer
0 votes, 1 answer

TCPDump / libpcap - find memory location of payload data

I am trying to view HTTP traffic going to and from my loopback network adapter using libpcap. I'm just beginning with network programming and am completely new to this library. Thanks to an answer I received previously I have been successful at detecting…

asked by Nick
0 votes, 1 answer

How to filter out some packets in a pcap file, based on their host dst ip?

I am trying that: $ zcat my_pcap.gz | /usr/sbin/tcpdump -r - -nn host dst 161.15.215.20 reading from file -, link-type EN10MB (Ethernet) tcpdump: syntax error What is the reason for the syntax error?

asked by yves Baumes
0 votes, 2 answers

libpcap read packet size

I started to write an application which will read RTP/H.264 video packets from an existing .pcap file. I need to read the packet size. I tried to use packet->len or header->len, but it never displays the right number of bytes for packets (I'm using…

asked by gogasca
0 votes, 1 answer

Tcpdump - pcap - Cannot sniff packets on port 5984

Sorry if this is a lame question. I'm new to tcpdump and pcap. I am using the pcap static lib to develop an application which listens to TCP data on a specified port. I have a small prototype built up and it works well when sniffing TCP packets sent…

asked by Nick
0 votes, 1 answer

tcpdump traffic capture for remote machines

I was trying to capture the traffic of my website. I opened a remote machine and logged into my website. Then from my Windows machine, I opened a PuTTY instance, logged into that remote machine and issued the following command under PuTTY: sudo…

asked by Pawan
0 votes, 1 answer

TCPDUMP: Bitmasking

I am taking a digital securities class and I don't understand one of the examples on bitmasking. To find IPv4 packets they say run this command: tcpdump IP[0] & 0xf0 = 4 I believe that this is wrong; the bit mask correctly only selects the first 4…

asked by user2158382
0 votes, 1 answer

Number of packets ordered by IP

My server is currently under a small DOS attack. I would like to know if there is an easy way to get the list of IPs sending packets to my server, ordered by the number of packets they sent, on a specific port. I use Ubuntu Server 12.04. Thank you in…

asked by Laeti
0 votes, 1 answer

libpcap Radiotap header extraction

I've got some code that is using the functions ieee80211_radiotap_iterator_init() and ieee80211_radiotap_iterator_next() from radiotap-parser.c. I'm not sure what I'm doing incorrectly; perhaps someone can educate me? I'm using the sample code from…

asked by Lee Hambley
0 votes, 1 answer

Packet sniffing with jpcap

I am sniffing packets on Ethernet (eth0) in Java with the help of the jpcap library... So, in my project I have a JpcapCaptor ... //Open an interface with openDevice(NetworkInterface intrface, int snaplen, boolean promics, int to_ms) …

asked by timonvlad