Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line and uses the BPF (Berkeley Packet Filter) language for its capture filters.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
-2 votes, 1 answer

Filtering hostname using wildcard in tcpdump

Is it possible to create an expression in tcpdump that would filter incoming packets with a wildcard, something like this please? tcpdump -i bond0 -c 200 -Z root udp port 514 and src server-*.com This doesn't work ... I was only able to filter using…
-2 votes, 1 answer

tcpdump difference between ip host hostname | ip and host hostname

In tcpdump, what is the difference between the following two commands? I tried to understand, but they seem pretty much the same to me. tcpdump ip host google.com and tcpdump ip and host google.com
testermaster
-2 votes, 1 answer

tcpdump: invalid file size

I am trying to run a tcpdump command with filesize 4096, but it returns with an error :- tcpdump: invalid filesize Command :- tcpdump -i any -nn -tttt -s0 -w %d-%m-%Y_%H:%M:%S:%s_hostname_ipv6.pcap -G 60 -C 4096 port 53 After some hit & trial I found…
Debugger
-2 votes, 1 answer

tcpdump -n 'tcp[13] & 16 !=0' | wc -l v.s. tcpdump -n 'tcp[tcpflags] = tcp-ack' | wc -l ==> different results?

I'm trying to understand the following: when trying tcpdump -n 'tcp[13] & 16 !=0' | wc -l on a file, I get a different result (27833) than when I try tcpdump -n 'tcp[tcpflags] == tcp-ack' | wc -l (16433) on that same file. I was hoping someone could…
Bart_S
-2 votes, 1 answer

tcpdump does not display packets seen by Wireshark

The host (seen below) receives DNS requests from another host on the same network. It has port UDP/53 closed; still, the packets are displayed by Wireshark. Indeed, there are requests sent to 192.168.16.2 on port UDP/53, so the expression should be…
Shuzheng
-2 votes, 1 answer

Tcpdump with -w writing gibberish to file

When trying to capture tcpdump output to a file, I get the…
deconstruct
-2 votes, 1 answer

ssh dynamic port forwarding and tcpdump shows cleartext

I'm trying to encrypt my web traffic using SSH dynamic port forwarding in case I happen to be in multiple places such as internet cafes, hotels and so on. On my laptop I installed an SSH server and executed: ssh -C -D 1080 myuser@localost I then…
-2 votes, 1 answer

Making a hash recognize unique data in Perl

I'm working on an introduction to computer programming final, and I'm coding in Perl. I'm trying to use a hash to filter a list of IP addresses and push all the unique ones onto an array. For some reason it's only holding one of the two IPs. my…
-3 votes, 1 answer

Interpreting tcpdump output

+ 05:09:27.978249 IP 10.0.3.25 > 10.0.4.25: ICMP echo request, id 2604, seq 162, length 64 + 05:09:27.978281 IP 10.0.4.25 > 10.0.3.25: ICMP echo reply, id 2604, seq 162, length 64 + 05:09:27.979776 IP 10.0.4.25.45430 >…
-3 votes, 1 answer

TCPDump on rooted android devices

I would like to do TCPDump on rooted Android devices. I would like to create a ".pcap" file for later analysis that will capture upload/download packets. Is there a good library for this? How should I begin?
ben