Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line, using the BPF (Berkeley Packet Filter) filter language.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
0 votes, 3 answers

2 tcpdumps from a remote host

I need to collect tcpdump from different interfaces from a remote host. Currently I do it in the following way: ssh remotehost "tcpdump -i iface1 -w - " > iface1_dump.pcap & ssh remotehost "tcpdump -i iface2 -w - " > iface2_dump.pcap I wonder if…
Alex C
0 votes, 1 answer

Read tcp packets from cap file one by one?

Is it possible to read packets one by one from a file? I want to split my cap file under a condition that depends on the contents of the packets, such as when I capture a long-term packet stream and I just need some packets to abstract, for example, I…
liunx
0 votes, 1 answer

Generate tcpdump with raw ip encap

I am working on the Click fast prototyping router API created by Eddie Kohler for my research. I am having a hard time generating tcpdump files with RAW IP ENCAP. I know that my link type doesn't allow capturing in the RAW IP link type, as the only link…
Vaidsu
0 votes, 2 answers

Tool to monitor/record TCP streams

I'm trying to analyze JSON-RPC traffic from an application to understand an undocumented protocol. So far, I've been using Wireshark's "follow TCP stream" feature, but there's a lot of clicking involved. Could I use tcpdump or tshark to accomplish…
Andrey Fedorov
0 votes, 1 answer

tcpdump implementation/adaptation

I want to make an iPad app that analyzes data traffic using "tcpdump". The app should somehow be an implementation/adaptation/wrapper of/for the "tcpdump" command. I zapped through http://www.tcpdump.org/, but I want to save time, so I…
0 votes, 2 answers

TCP client fails for a particular image(.bmp)

I have a simple C program to copy an image from the server using TCP. The problem is that it always fails to work with certain images: it only receives 'x' bytes and then times out. The program is not the problem here, since I have tried with different…
maheshg
0 votes, 1 answer

Packet is received on TCP level but not able to read

We are using the SMPP protocol for sending messages to the SMSC. When the SMSC restarted the session, the client bound it again successfully, but the client is unable to get/read further PDUs like submit_resp and enquire_resp which the SMSC has sent. We have checked the tcp dump using…
Pramod
-1 votes, 1 answer

Capturing TCP packets via tcpdump

I'm trying to capture TCP packets from a GPS device (client) configured to port 11050 on my server's eth1 interface. I want to capture these packets to a file. The result is not in a human-readable format. Below is a list of the commands I tried,…
nuthan
-1 votes, 1 answer

Linux: automatically receive all multicast traffic

Normally you have to do an IP_ADD_MEMBERSHIP for each multicast address you are interested in. If you don't do that, the kernel will drop the packets and you won't see the traffic even with tcpdump. Is there a way to subscribe to all multicast…
Karoly Horvath
-1 votes, 0 answers

Monitor HTTPS with tcpdump

I was monitoring HTTP web service traffic with tcpdump: sudo tcpdump -i eth0 -vv -A 'port 80'. Now the web service has moved to HTTPS and I'm trying to see it with sudo tcpdump -i eth0 -vv -A 'port 443', but I see only garbage. Is it possible to see any…
vico
-1 votes, 1 answer

What is the meaning of 'P' in tcpdump output?

I am using the tcpdump -i eth0 udp command to sniff packets on an Ubuntu 22.04 system, and here is the output: 07:26:49.735591 eth_2_1 In IP 192.168.1.1.ntp > 10.0.3.2.ntp: NTPv6, symmetric active, length 1 07:26:49.735600 eth_2_4 Out IP 192.168.1.1.ntp >…
QY-Y
-1 votes, 1 answer

How to understand a particular tcpdump field

I have the two tcpdump outputs below. I want to know what the "syslog.info" and "local6.info" columns mean, and what syslog.info and local6.info represent. 06:56:07.533143 IP 10.10.40.10.52126 > 10.18.40.58.514: SYSLOG **syslog.info**, length:…
nathan
-1 votes, 1 answer

Berkeley Packet Filters for VLAN priority

I need to filter on the priority in the VLAN header to ensure the voice priority value. Using BPF filtering, is it possible to evaluate which packets contain a priority bits value in the VLAN header equal to five? Regards, Vincenzo
-1 votes, 1 answer

Tcpdump: how to count packets in a given amount of time

I need to count the packets on an interface after a certain filter. Let's say I want to see how many packets per second I have with a SYN filter. The command below counts these packets, but I fail to find an option to see how many requests of this…
borcan22
-1 votes, 2 answers

recv always returns EAGAIN but tcpdump shows 0 packets dropped by kernel

I'm trying to read UDP packets using recv in non-blocking mode in a loop as shown below; however, the call always returns EAGAIN, while tcpdump shows that 0 packets were dropped by the kernel. What could be the cause of EAGAIN? for (;;) { const auto rc =…
betteroutthanin