Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using BPF (Berkeley Packet Filter) expressions to select which packets are captured.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions

Add new header parsing in tcpdump

I have a need to add support for proprietary headers that the FPGA in our design inserts into incoming Ethernet frames between the MAC header and the payload. Obviously I have to dig into the tcpdump and libpcap sources, but could anybody give some hints at where…
Mark

Strange tcpdump collection

I had tried to bind my internet PDN on my phone to a particular interface like wlan0 or cdma0. So I bound the IP address to the TCP socket I created and tried to send an HTTP GET request to google.com. What I get in tcpdump is a very strange log. My…
tariq zafar

tcpdump saved file is empty even though it reports capturing millions of packets

I captured traffic on a server interface remotely by using ssh to send a command to a shell script controlling tcpdump. #!/bin/bash # Script to Start/Stop TCP # Usage: ./ControlTCPdump.sh start|stop [filename] CONSOLE_OUTPUT="tcpdump$( date +%m%d…
Ha Son Hai

libpcap: 64bit machine has no compatible 32-bit libpcap library

I want to compile a .c file to a 32-bit executable using the gcc option -m32 with libpcap. The machine is 64-bit Linux, Fedora 16. However, I get the following error: [root@fdf source]# gcc -m32 -o test_tcp test_tcp.c -lpcap /usr/bin/ld: skipping incompatible…
user138126

Analyzing abnormal TCP/IP traffic: Sequential IP sequence numbers

My professor told me that sequential IP sequence numbers are typical behavior of most IP stacks (and showed us examples from packet sniffers), but I thought IP sequence numbers are supposed to be randomly generated to avoid attacks? Which one is it? I…
user2158382

Extract tcpdump data with awk

I'm trying to set up a pipeline to extract, via awk, certain fields and the ASCII data (source IP, target IP, and payload) from each packet in a stream of packets captured by tcpdump, but I'm having difficulty. I think the problem is that the…
Kevin Walzer

Android gingerbread DHCP 119 setprop not working

I am trying to set a custom DNS suffix (yahoo.com in my case) using the adb command setprop net.dns.search yahoo.com. I verified it using getprop net.dns.search and it returns yahoo.com. However, when I type music in my browser and run tcpdump in adb,…
Robin Chander

tcpdump header info grep or awk or sed?

What would be the most efficient way to grab the destination IP (>ip) and the "User-Agent:"? I would like to grab those two values and dump them into a file with the IP first in the line, followed by the user agent. I would like to minimize system resources.…
sectech

Is it possible to run two programs simultaneously or one after another using a bash or expect script?

I have basically two lines of code, which are: tcpdump -i eth0 -s 65535 -w - >/tmp/Captures tshark -i /tmp/Captures -T pdml >results.xml If I run them both in separate terminals it works fine. However, I've been trying to create a simple bash script…
InvertReality

tcpdump - Maximum amount of packets in a pcap file?

Is there a maximum number of packets for a pcap file (beyond OS limits)? Looking at the specification I don't see anything in the pcap file format that would limit the number of packets. Perhaps libpcap or tcpdump will limit the number of packets…
RyPeck

Why does tcpdump enable this code to work?

I have a small network consisting of 2 hosts (OS X and Linux) with a switch between them. When I run the following pair of programs, the receiver (Linux) doesn't see any multicast packets. However, when I run tcpdump -i eth0 -s 512 udp on the…
No One in Particular

tcpreplay removing IP checksums?

I have a packet trace that I forge with Scapy and resend with tcpreplay. I recompute the IP and transport-layer checksums with Scapy, save the packets to disk in a pcap file and call tcpreplay on it. By running tcpdump in parallel I noticed that all IP…
Ricky Robinson

Difference between two similar tcpdump filters

I don't understand the difference between these two filters found here: proto[x:y] & z = z : every bit is set to z when applying mask z to proto[x:y]; proto[x:y] = z : p[x:y] has exactly the bits set in z. Any idea?
Ricky Robinson

Differences between libpcap packet results and bsd socket recv data using C++

I have relatively limited network programming experience and was hoping someone could help me with perhaps a n00bish question, thanks in advance for any help! :) I have two C++ programs running separately. One is a simple packet sniffer written…
user1930581

tcpdump: capture outgoing packets on virtual interfaces that have a link type unknown to libpcap?

In the system I am testing right now, there are a couple of virtual L2 devices chained together to add our own L2.5 headers between the Ethernet headers and the IP headers. Now when I use tcpdump -xx -i vir_device_1, it actually shows the SLL header with IP…
wei