Questions tagged [tcpdump]

tcpdump is a common command-line packet analyzer; its capture filters are written in BPF (Berkeley Packet Filter) syntax.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library. Opening a capture device normally requires root or the CAP_NET_RAW capability; tcpdump can drop to an unprivileged user after the device is open (the -Z option), which is the safer way to run long captures.

1045 questions
-1 votes, 1 answer

Understanding tcpdump's IP packet payload output

I was using tcpdump on Ubuntu to capture IP packets while I was connected to an FTP server. I got the output but I did not understand it fully. Here's the output: 20:36:59.447287 IP 195.144.107.198.21 > 192.168.0.103.38358: Flags [P.], seq…
Asked by Soham Gadhave (85 rep; badges 1, 7)
-1 votes, 1 answer

How do I use WinDump with Cuckoo on Windows 10

When I analyze a file using Cuckoo, I get this error: File "c:\python27\lib\site-packages\cuckoo\auxiliary\sniffer.py", line 157, in stop (out, err, faq("permission-denied-for-tcpdump")) CuckooOperationalError: Error running tcpdump to sniff…
-1 votes, 1 answer

Extract IPs directly from tcpdump output

I wanted to extract the IPs from the output of a tcpdump command: tcpdump -nei eth0 and src 10.10.10.1. Sample output of the above command: as the output was very big I have posted it at the link below. https://pastebin.pl/view/3b6ab16d Commands which I tried: tcpdump…
Asked by Am3Y (75 rep; badges 4)
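Worked example, added here and not part of either of the two questions above: a small Python parser for tcpdump's one-line TCP summaries. It decomposes a line like the quoted FTP one into timestamp, source address and port, destination address and port, the flag letters (tcpdump's [P.] is PSH plus ACK) and the trailing payload length, and extract_ips() collects the unique addresses from a batch of lines, which is what the IP-extraction question wants. It assumes numeric output (tcpdump -n) and IPv4/TCP; the sample lines are constructed for the demo, the third in the -e form that 'tcpdump -nei eth0' prints, where the link-layer header precedes the IP summary.

```python
"""Parse tcpdump's one-line TCP summaries (numeric output from -n) into fields."""
import re
import sys
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines (not from the page). The first mirrors the FTP
# control-channel line quoted in the question; the second is the client's ACK
# back; the third is the '-e' form (link-layer header first) that
# 'tcpdump -nei eth0' prints.
SAMPLE_LINES = [
    "20:36:59.447287 IP 195.144.107.198.21 > 192.168.0.103.38358: "
    "Flags [P.], seq 1:21, ack 1, win 229, length 20",
    "20:36:59.447315 IP 192.168.0.103.38358 > 195.144.107.198.21: "
    "Flags [.], ack 21, win 502, length 0",
    "20:37:02.100000 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 "
    "(0x0800), length 74: 10.10.10.1.443 > 10.10.10.2.51234: Flags [S.], "
    "seq 0, ack 1, win 65160, options [mss 1460], length 0",
]

# Letters tcpdump prints inside 'Flags [...]'; '.' means the ACK bit is set.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PSH", "R": "RST",
              "U": "URG", "W": "CWR", "E": "ECE", ".": "ACK"}

_IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
_TS_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)")
# tcpdump joins address and port with '.', so the port is the component after
# the fourth dot; the groups below split on exactly that dot.
_TCP_RE = re.compile(
    rf"(?P<src>{_IPV4})\.(?P<sport>\d+) > (?P<dst>{_IPV4})\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\](?P<rest>.*)$"
)


@dataclass
class TcpSummary:
    ts: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: List[str]
    length: Optional[int]   # TCP payload bytes, the trailing 'length N'
    ack: Optional[int]


def parse_line(line: str) -> Optional[TcpSummary]:
    """Parsed summary for an IPv4/TCP line, None for anything else (ICMP, ARP, ...)."""
    ts, m = _TS_RE.match(line), _TCP_RE.search(line)
    if not (ts and m):
        return None
    rest = m.group("rest")
    len_m = re.search(r"\blength (\d+)", rest)
    ack_m = re.search(r"\back (\d+)", rest)
    return TcpSummary(
        ts=ts.group(1),
        src=m.group("src"), sport=int(m.group("sport")),
        dst=m.group("dst"), dport=int(m.group("dport")),
        flags=[FLAG_NAMES.get(c, c) for c in m.group("flags")],
        length=int(len_m.group(1)) if len_m else None,
        ack=int(ack_m.group(1)) if ack_m else None,
    )


def extract_ips(lines) -> List[str]:
    """Sorted unique IPv4 addresses seen as source or destination."""
    seen = set()
    for line in lines:
        p = parse_line(line)
        if p:
            seen.update((p.src, p.dst))
    return sorted(seen)


if __name__ == "__main__":
    # Read a live 'tcpdump -nn -l ...' stream from stdin, or demo on the samples.
    lines = SAMPLE_LINES if sys.stdin.isatty() else [l.rstrip("\n") for l in sys.stdin]
    for s in map(parse_line, lines):
        if s:
            print(f"{s.ts} {s.src}:{s.sport} -> {s.dst}:{s.dport} "
                  f"{'|'.join(s.flags)} payload={s.length}")
    print("addresses:", ", ".join(extract_ips(lines)))
```

Feed it a live capture with something like `sudo tcpdump -nn -l -i eth0 tcp | python3 parse_tcpdump.py` (the -l flag makes tcpdump line-buffer its output so lines arrive promptly). Without -n tcpdump resolves hosts and prints service names such as `ftp` instead of `.21`, and parse_line() returns None for those lines rather than guessing.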
-1 votes, 1 answer

Using tcpreplay for VXLAN packets

I am quite unfamiliar with the way tcpreplay works and I have just started using it. I am feeding a pcap of VXLAN packets to an Ethernet interface that has VXLAN configured on top of it. Can we see the decapsulated packets on the VXLAN interface? Do I…
Asked by KPW (27 rep; badges 7)
-1 votes, 1 answer

Trying to listen for GET on port 80

I want to be able to read the URL GET requests coming to my server, e.g. "www.JohnAlexINL.com/ping" or "http://johnalexinl.com/", et cetera. I've tried using tcpdump, but it gives me a bunch of garbled nonsense that I can't figure out how to…
Asked by JohnAlexINL (615 rep; badges 7, 15)
-1 votes, 1 answer

Write to another tcpdump file every minute

I want to use tcpdump to create log files for the network. I can write the output to a file with filenames containing minutes. Note: I don't want to create files by file size. I want to create a file for every minute. I tried a lot of commands but I…
-1 votes, 1 answer

Remove unnecessary characters from tcpdump output

I am using this command to spy on local (macOS) HTTP traffic: sudo tcpdump -A -s 0 'tcp port 4444 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' -i lo0 It works magic but also outputs unnecessary…
Asked by halgrim (39 rep; badges 7)
-1 votes, 1 answer

TCP close with a 2-way handshake in a Wireshark capture

I got a pcap file using the tcpdump command. In this pcap, the TCP close is a 2-way handshake! Questions: In this picture, can anyone determine who initiated the signal to close the connection? Why does TCP close in a 2-way handshake? It does not make sense!
Asked by Leo (11 rep; badges 2)
-1 votes, 1 answer

Merging tcpdump captures from two different interfaces

Can you please help me get an idea of how to do the following? I have two Ethernet ports on a server, eth0 and eth1. Both interfaces are carrying traffic. I want to capture a packet dump of both interfaces and merge them into one…
Asked by Luke Devon (11 rep; badges 4)
-1 votes, 2 answers

I want to create a WLAN with a Raspberry Pi which will be running the Node.js Express framework to play videos in the browser

How can I track the current network speed per IP on a WLAN? I am working on a project to create a WLAN with a Raspberry Pi which will be running the Node.js Express framework to play videos in the browser of smartphones connected to it, but I need to know the…
-1 votes, 1 answer

Will tcpdump capture packets whose destination MAC address does not match the NIC's MAC address?

I am running some data throughput tests by sending UDP packets using iperf through a VM that does some sort of processing on those packets. My application runs in promiscuous mode, so it will pick up all packets. I saw my application drop some…
Asked by Surajit (5 rep; badges 1, 6)
-1 votes, 2 answers

How to extract the source IP and host address from a pcap file into a .csv file? Any ideas on a way to do it?

tshark -r example.pcap -Y http.request -T fields -e http.host -e ip.dst -e http.request.full_uri I tried using this command, however it just gives me the source IP. I need to make sure I get the source IP and destination IP so I can list out the websites…
Asked by John (1 rep; badges 1)
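Worked example, added here and not code from the page or from any of the askers: a stdlib-only Python reader for a classic pcap that walks Ethernet/IPv4/TCP, locates the TCP payload with the same arithmetic as the macOS filter quoted above (ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2) is total length minus IP header minus TCP header), keeps only segments whose payload begins an HTTP/1.x request, and emits time, source IP, destination IP, method, Host and URL as CSV rows. That covers both the "listen for GET on port 80" question (the -A output is hard to read because it dumps every byte of every segment) and the tshark-to-CSV question (one row per request with both addresses). Record the traffic first with tcpdump's own `tcpdump -s 0 -w http.pcap tcp port 80`; the three-packet capture built by sample_pcap() is constructed for the demo, with 192.168.1.20, 203.0.113.10 and the www.johnalexinl.com host name from the question used as made-up endpoints. It does not read pcapng (what tshark/dumpcap write by default) and does not reassemble a request split across segments.

```python
"""Extract HTTP request host/URI and the IPs involved from a pcap file, stdlib only."""
import csv
import io
import socket
import struct
from typing import Iterator, List, Optional, Tuple

LINKTYPE_ETHERNET, ETHERTYPE_IPV4, IPPROTO_TCP = 1, 0x0800, 6
METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")
FIELDS = ["time", "src_ip", "dst_ip", "dst_port", "method", "host", "url"]


def iter_packets(data: bytes) -> Iterator[Tuple[int, int, bytes]]:
    """Yield (ts_sec, ts_usec, frame) from classic pcap bytes (not pcapng)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame: bytes) -> Optional[Tuple[str, str, int, int, bytes]]:
    """(src_ip, dst_ip, sport, dport, payload) for an IPv4/TCP frame, else None.
    Payload = ip.total_len - ihl*4 - tcp.data_offset*4, i.e. the BPF expression
    ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2) from the macOS question."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl, total_len, proto = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0], ip[9]
    if ip[0] >> 4 != 4 or proto != IPPROTO_TCP or len(ip) < ihl + 20:
        return None
    tcp = ip[ihl:total_len]                      # also drops Ethernet padding
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    return socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]), sport, dport, tcp[doff:]


def http_request(payload: bytes) -> Optional[Tuple[str, str, str]]:
    """(method, path, host) if the payload begins an HTTP/1.x request, else None."""
    if not payload.startswith(METHODS):
        return None
    head = payload.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    parts = head[0].split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/1."):
        return None
    host = ""
    for hdr in head[1:]:
        name, _, value = hdr.partition(b":")
        if name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    return parts[0].decode("ascii"), parts[1].decode("latin-1"), host


def http_rows(pcap: bytes) -> List[dict]:
    """One row per segment that starts an HTTP request, with both endpoints."""
    rows = []
    for ts_sec, ts_usec, frame in iter_packets(pcap):
        t = tcp_payload(frame)
        req = http_request(t[4]) if t else None
        if req:
            method, path, host = req
            rows.append({"time": f"{ts_sec}.{ts_usec:06d}", "src_ip": t[0], "dst_ip": t[1],
                         "dst_port": t[3], "method": method, "host": host,
                         "url": f"http://{host}{path}" if host else path})
    return rows


def to_csv(rows: List[dict]) -> str:
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=FIELDS, lineterminator="\n")
    w.writeheader()
    w.writerows(rows)
    return buf.getvalue()


# --- constructed demo capture (made-up endpoints, no checksums filled in) ----
def _frame(src, dst, sport, dport, flags, payload):
    eth = bytes.fromhex("66778899aabb001122334455") + struct.pack("!H", ETHERTYPE_IPV4)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp


def sample_pcap() -> bytes:
    """A GET to port 80, the server's reply and a bare ACK; only the GET is a request."""
    get = b"GET /ping HTTP/1.1\r\nHost: www.johnalexinl.com\r\nUser-Agent: demo\r\n\r\n"
    resp = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"
    frames = [_frame("192.168.1.20", "203.0.113.10", 51000, 80, 0x18, get),
              _frame("203.0.113.10", "192.168.1.20", 80, 51000, 0x18, resp),
              _frame("192.168.1.20", "203.0.113.10", 51000, 80, 0x10, b"")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else sample_pcap()
    print(to_csv(http_rows(data)), end="")
```

Run it as `python3 http_from_pcap.py http.pcap > requests.csv`; with no argument it prints the single row from the constructed capture. Because it keys on the request line rather than on port 80, it also catches HTTP on odd ports such as the 4444 in the macOS question, and it sees nothing inside TLS, which is the usual reason a "where did this client browse to" question ends up looking at the Host header of plain HTTP only.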
-1 votes, 1 answer

NFS: unknown reason for rejecting RPC message

I see frequent RPC rejection messages from the NFS server and slow NFS I/O. What could be a cause for RPC rejection, and can it cause NFS failure? nfsserver.nfs > nfsclient.itm-mcell-s: Flags [.], cksum 0xa3c6 (correct), seq 914857:916305, ack 710776,…
Asked by Sachin Sharma (71 rep; badges 1, 1)
-1 votes, 2 answers

Linux: delete egrepped lines

I pass a file (a tcpdump log) to my egrep expression, then I want to delete all matched lines. Code example: cat file | tr -d '\000' |egrep -i 'user: | usr: ' --color=auto --line-buffered -B20 How can I delete all matched lines now?
Asked by Jakub Pastuszuk (928 rep; badges 4, 12, 31)
-1 votes, 1 answer

Why are underlying TCP connections released so late?

As you see above, the TCP connection is released very slowly. I'm wondering how this happened and whether it affects my program (HTTP layer).
Asked by Brutal_JL (2,839 rep; badges 2, 21, 27)