Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) language.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0
votes
1 answer

Determining user's page viewing time by sniffing traffic

When a user requests a page (page request), the browser requests several other components within that page (inline requests), i.e. images, CSS, JS, ... By just sniffing the traffic between client and server, is there a way to differentiate…
Yasser
0
votes
1 answer

Plotting multiple files on same graph

I need to plot the outputs of various xpl files generated by tcptrace on the same graph so that graphical comparison becomes easier. Note: Here the x-axis is common for all xpl files (time). Only the y-axis differs. I need something like 2 y-axes.…
0
votes
1 answer

Opening TCP dump files using pcap libraries

I want to read through a tcp dump file and print out the packet lengths and their start and end time or just time stamps. I know that pcap libraries can do this. But I could not find a concrete example of opening a dump file and processing it for…
P basak
0
votes
2 answers

FIN,ACK after PSH,ACK

I'm trying to implement a communication between a legacy system and a Linux system but I constantly get one of the following scenarios: (The legacy system is server, the Linux is client) Function recv(2) returns 0 (the peer has performed an orderly…
magol
0
votes
1 answer

commercial application licensing issue and a solution for libpcap applications

I would like to develop some commercial tool in the area of processing data extracted out of a packet sniffer. I am aware that libpcap is available for that but I am quite sure that there are many restrictions due to licensing issues. Suppose I…
Abruzzo Forte e Gentile
0
votes
1 answer

how to run a background process on linux and then kill it after parsing the output?

I want to launch tcpdump on a Linux shell as a background process using a Perl script, but I have to parse the output, after which I need to kill the process. How can I do this?
Dcoder
0
votes
1 answer

tcpdump/wireshark disconnect

When I'm listening on wlan0 with tcpdump or even wireshark, I'm always disconnected in 30s to 5 min. Do you have any idea how to fix this? I'm on a 64-bit Debian; I tried wpa_supplicant and network-manager.
gfauchart
0
votes
1 answer

saving a captured packet in TCPDump format (Java)

I want to save a captured packet in TCPDump format. I'm using Java with JPCap library. However, I'm not able to use JpcapWriter.writePacket() function, it gives me a JVM error. This is the code that is causing the JVM error: …
Shubham Saini
0
votes
1 answer

Tcpdump: Sequence and acknowledgement number mismatch with libpcap

I am writing an app where I am printing TCP sequence and ack numbers. I ran tcpdump on the same box and the numbers do not match. Here is my code, all headers and structures are from sniffex.c void got_packet(u_char *args, const struct pcap_pkthdr…
ACC
0
votes
2 answers

telnet automation script fails sometimes

I am running the following simple telnet script which just logs into a machine and exits. The same script works fine (goes through 1000 iterations) from one Linux server but fails (consistently) from another Linux server (fails after say 200…
Ram
0
votes
0 answers

TCP Listener, written in PHP, not capturing, what it should capture

I have adapted example PHP TCP listener (multi-client version, posted by javier in user contributed notes below main article, with my small fixes) to listen on port 7777 for any TCP packets / connections. I've run this listener on my home server,…
trejder
0
votes
1 answer

tcpdump expression that capture port on one interface and another port on another interface?

I need to capture port 9090 on eth0 and port 8080 on lo (localhost or loopback). Can somebody show me the tcpdump expression that can do that? I am currently using tcpdump -n -i any port 8080 or port 9090 Thanks,
Sean Nguyen
0
votes
2 answers

How to read multiple pcap files >2GB?

I am trying to parse large pcap files with libpcap but there is a file limitation so my files are separated at 2gb. I have 10 files of 2gb and I want to parse them at one shot. Is there a possibility to feed this data on an interface sequentially…
yoktur
0
votes
1 answer

How to save to file all the syn packets?

I need to have some statistics (for test purposes) on SYN packets that were received. I got lost with the available tools - ethereal, tshark, tcpdump. I want the simple tool that will not dump the complete packet only by pattern (in my case only ip, but…
Avihai Marchiano
0
votes
1 answer

ip filter for multiple IPs

I want to filter IPs on a .cap file. I use the command ip.addr == 123.456.789 but this only filters out one IP. I was wondering if there was a way to filter out multiple IPs? Thanks
helloworld0722