Command-line packet analyzer


0
votes
0 answers
5 views

How to capture “dropped packets” in tcpdump

I have a problem with my networking performance. I am using Ubuntu 16.04 on VMware Cloud Server with NIC E1000. But I see some packets dropped in sections of the ifconfig command output: root@ubuntu:~# ifconfig ...
0
votes
0 answers
18 views

How do I use netcat with a pcap file

I have a pcap file that has some packets in it (created with tcpdump). I would like to take one of these packets and send it to a remote server with netcat nc. I have two current solutions, but I ...
0
votes
0 answers
28 views

Tcpdump or similar - How can I only capture one instance of each packet destination and port?

I want to leave something like tcpdump running for up to a week and therefore make its output as concise as possible to reduce file size and speed up post-capture analysis. All I need to do is log ...
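Added example for the question above (not part of the question or of any answer on this page): instead of keeping every packet for a week, stream tcpdump's text output through a small filter that records each destination host/port only the first time it appears. The sample lines are constructed in the shape `tcpdump -nn -tttt` prints them, not a real capture; the script name `first_seen.py` and the interface `eth0` in the usage comment are placeholders.

```python
import re
import sys

# Start of a tcpdump line produced with -nn -tttt (absolute date/time, numeric
# hosts and ports): "<date> <time> IP[6] <src> > <dst>: ...". Non-IP lines (ARP,
# 802.11 management frames) do not match and are skipped.
LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) (IP6|IP) (\S+) > (\S+?): "
)

def split_host_port(endpoint, family):
    """tcpdump -nn prints 'host.port'; split it, tolerating portless endpoints (ICMP)."""
    if family == "IP":
        parts = endpoint.split(".")
        if len(parts) == 5 and parts[4].isdigit():
            return ".".join(parts[:4]), int(parts[4])
        return endpoint, None
    host, dot, port = endpoint.rpartition(".")  # IPv6: only a trailing ".port" is a port
    if dot and port.isdigit():
        return host, int(port)
    return endpoint, None

def first_sightings(lines):
    """Yield (timestamp, dst_host, dst_port) the first time each destination is seen."""
    seen = set()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, family, _src, dst = m.groups()
        host, port = split_host_port(dst, family)
        if (host, port) not in seen:
            seen.add((host, port))
            yield ts, host, port

def first_seen(lines):
    """{(dst_host, dst_port): first_timestamp} for a whole capture's text output."""
    return {(host, port): ts for ts, host, port in first_sightings(lines)}

# Constructed sample of tcpdump -nn -tttt output (not a real capture).
SAMPLE_LINES = [
    "2019-03-04 10:15:01.123456 IP 192.168.1.10.51234 > 93.184.216.34.443: Flags [S], seq 1, win 29200, length 0",
    "2019-03-04 10:15:01.223456 IP 192.168.1.10.51234 > 93.184.216.34.443: Flags [.], ack 1, win 229, length 0",
    "2019-03-04 10:15:02.000001 IP 192.168.1.10.40000 > 10.0.0.53.53: 12345+ A? example.com. (29)",
    "2019-03-04 10:15:02.500000 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 1, seq 1, length 64",
    "2019-03-04 10:15:03.000001 IP6 fe80::1.5353 > ff02::fb.5353: 0 PTR (QM)? _services._dns-sd._udp.local. (46)",
    "2019-03-04 10:15:04.000001 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28",
    "2019-03-04 10:15:05.000001 IP 192.168.1.10.51235 > 93.184.216.34.443: Flags [S], seq 7, win 29200, length 0",
]

if __name__ == "__main__":
    # Stream from a live capture so a week-long run writes one line per new destination.
    # Only connection attempts (SYN without ACK) and UDP are worth keying on here:
    #   tcpdump -nn -l -tttt -i eth0 '(tcp[tcpflags] & (tcp-syn|tcp-ack)) == tcp-syn or udp' \
    #     | python3 first_seen.py >> destinations.log
    for ts, host, port in first_sightings(sys.stdin):
        print(ts, host, "-" if port is None else port, flush=True)
```

`-l` makes tcpdump line-buffer its output so the pipe sees lines as they happen, and `-nn` keeps it from doing reverse DNS and service-name lookups, which would both slow the capture and leak to the resolver what you are watching. The dedup key here is destination only; add the source to the tuple if several hosts share the capture point.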
0
votes
0 answers
19 views

iptables block by offset - how to?

I have the following log extract (tcpdump): 144.217.46.198.41015 > xxx.xxx.xxx.xxx.80: Flags [S], cksum 0x2853 (correct), seq 1143021938, win 29200, options [mss 1460,sackOK,TS val 59029776 ecr 0,...
0
votes
1 answer
36 views

How to capture network traffic periodically, with every capture file containing full network flows

I need to dump network flow periodically on a Linux platform, ideally using the command line interface (i.e., non-GUI tools), and I want every capture file (pcap files) to contain complete flows. How ...
0
votes
1 answer
30 views

tcpdump does not recognize or operator

I want to capture packets that are either a PPPoE Discovery or Session packet. Does tcpdump support combining protocols with or? The manpage seems to say so, but it does not seem to work on Raspbian ...
0
votes
1 answer
128 views

tcpdump only showing beacon packets for certain mac address filters

I'm using an ubuntu OS to capture data packets in monitor mode (https://sandilands.info/sgordon/capturing-wifi-in-monitor-mode-with-iw) The command I'm using to capture packets from my laptop is: ...
0
votes
2 answers
38 views

Analyse UDP delay from tcpdump files

I have a video streamer (VLC) which is using RTP to stream video to a client. I have captured the packet trace from both the sender and the receiver side using tcpdump separately. The streaming ...
1
vote
0 answers
28 views

tcpdump on debian 8

I had installed tcpdump on debian 8 via the apt-get command. When I try to record packets on a monitoring interface which gets packets via SPAN port with the following command "tcpdump -i interface -...
0
votes
1 answer
39 views

tcpreplay does not work

I have a problem with tcpreplay and hostapd, this is my scenario: a client connects to 172.24.1.91/OPEN and /CLOSE and processes a GET request to a server that lights up or down a Led. I made a Java ...
-1
votes
1 answer
68 views

Dissecting HTTP-Capture

I have the HTTP GET capture below. I am trying to learn to dissect it manually using protocols and packet math, and am struggling with the following questions. This is not a graded project, just ...
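Added example for the question above (not part of the question or of any answer on this page): the "packet math" of a manual dissection is that each header carries the length of itself or of what follows, so you can walk Ethernet, IPv4 and TCP by hand. The frame below is constructed in code, not the asker's capture; addresses, ports and the HTTP request are sample values. The IPv4 header checksum is computed so the verification step can be shown; the TCP checksum is left zero because it needs a pseudo-header and is not part of the walk.

```python
import struct

TCP_FLAG_NAMES = [(0x80, "CWR"), (0x40, "ECE"), (0x20, "URG"), (0x10, "ACK"),
                  (0x08, "PSH"), (0x04, "RST"), (0x02, "SYN"), (0x01, "FIN")]

def ones_complement_sum(data):
    """RFC 1071 checksum arithmetic: sum 16-bit words, fold the carries back in."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ipv4_header_checksum(header):
    return (~ones_complement_sum(header)) & 0xFFFF

def build_sample_frame():
    """Constructed Ethernet/IPv4/TCP frame carrying an HTTP GET (sample input, not a real capture)."""
    http = b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"
    # TCP header: data offset 8 words = 32 bytes (20 fixed + 12 of options), flags PSH|ACK = 0x18
    options = b"\x01\x01\x08\x0a" + struct.pack("!II", 100, 200)  # NOP, NOP, Timestamps(10)
    tcp = struct.pack("!HHIIHHHH", 41040, 80, 1000, 2000, (8 << 12) | 0x18, 229, 0, 0) + options
    total_length = 20 + len(tcp) + len(http)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_length, 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([93, 184, 216, 34]))
    ip = ip[:10] + struct.pack("!H", ipv4_header_checksum(ip)) + ip[12:]  # fill checksum field
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp + http

def dissect(frame):
    """Walk the headers by hand: each layer's length field says where the next one starts."""
    eth_type = struct.unpack("!H", frame[12:14])[0]
    if eth_type != 0x0800:
        raise ValueError("not IPv4 (ethertype 0x%04x)" % eth_type)
    ip_off = 14  # Ethernet II header is always 14 bytes (no VLAN tag here)
    ver_ihl, _tos, total_length, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", frame[ip_off:ip_off + 20])
    ihl = (ver_ihl & 0x0F) * 4  # IHL counts 32-bit words: 0x45 -> version 4, 20-byte header
    ip_header = frame[ip_off:ip_off + ihl]
    # A header with a correct checksum sums (checksum field included) to 0xFFFF
    checksum_ok = ones_complement_sum(ip_header) == 0xFFFF
    if proto != 6:
        raise ValueError("not TCP (protocol %d)" % proto)
    tcp_off = ip_off + ihl
    sport, dport, seq, ack, off_flags, window = struct.unpack("!HHIIHH", frame[tcp_off:tcp_off + 16])
    tcp_len = (off_flags >> 12) * 4  # data offset, also in 32-bit words
    flags = [name for bit, name in TCP_FLAG_NAMES if off_flags & bit]
    payload_off = tcp_off + tcp_len
    payload_len = total_length - ihl - tcp_len  # IP total length covers IP header + TCP + data
    payload = frame[payload_off:payload_off + payload_len]
    request_line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace") if payload else ""
    return {
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)), "ttl": ttl,
        "ihl_bytes": ihl, "ip_total_length": total_length, "ip_checksum_ok": checksum_ok,
        "frame_len_matches": len(frame) == ip_off + total_length,
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack,
        "tcp_header_bytes": tcp_len, "flags": flags, "window": window,
        "payload_offset": payload_off, "payload_len": payload_len,
        "request_line": request_line,
    }

if __name__ == "__main__":
    for key, value in dissect(build_sample_frame()).items():
        print("%-18s %s" % (key, value))
```

The two numbers people most often get wrong are the IHL and the TCP data offset: both are in 4-byte words, so a TCP header with options is not 20 bytes, and the HTTP payload starts at 14 + IHL*4 + offset*4, not at a fixed 54. The checksum check is a good sanity test for a hand-typed hex dump: flip any header byte and it fails.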
0
votes
0 answers
318 views

tcpdump is overlooking some snmp traffic

I am sniffing for SNMP traffic to code a testcase for some network hardware. Currently I start tcpdump like this: tcpdump -i any -nn port snmp I then send some SNMP traffic from the same host: ...
0
votes
0 answers
35 views

tcpdump GET/POST requests resources to files

root@kali:~# tcpdump host bobcash.com 18:15:50.667030 IP kali.41040 > 104.28.6.58.http: Flags [P.], seq 1:651, ack 1, win 229, length 650: HTTP: POST /login HTTP/1.1 18:15:51.458788 IP kali.41040 > ...
2
votes
1 answer
33 views

Calculating network usage from a server

I am trying to calculate the % network utilization for a server on my network for any snmp traffic, (in or out). I have followed the below steps, can someone point out if I have gone wrong in the ...
-1
votes
1 answer
71 views

tcpdump is not capturing any packets for host

Here is the output of the ip addr command: I tried out this command for showing network traffic: sudo tcpdump -n host google.com But it's giving output like this: tcpdump: WARNING: eth0: no ...
0
votes
1 answer
18 views

Does The Same Layer 2 Routing Information From A Source End Up On The Other Side Of The Internet?

when I do tcpdump -e eth0 I get the traffic stream going through eth0, and I'm seeing various source MAC addresses of packets being received by eth0. I only have one default gateway connection with ...
0
votes
2 answers
123 views

Why does TCP send more than 1 ack per packet?

My source sends packets of 4794 bytes (at least according to the capturing it looks like 1 packet each), however, the destination machine sends 2 acks for every packet sent from source. I've tried ...
0
votes
1 answer
78 views

How to select syn packets going to given destination port with tcpdump

I'm trying to capture syn packets going to a given destination port with tcpdump with the following command: tcpdump dst port 80 "(tcp-syn) !=0" but it says tcp: syntax error Any idea how to ...
0
votes
1 answer
141 views

How to tcpreplay only packets satisfying a pcap filter rule?

I have a dump file with lots of various packets in it, but I want to selectively replay, say, only all UDP packets to a given port number, without having to edit the dump file first. How?
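Added example serving this question and the SYN-filter question above (not part of either question or of any answer on this page). In tcpdump's filter language `tcp-syn` is a named bit constant, so it has to be tested against the flags byte: `tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst port 80` matches SYNs that are not SYN/ACKs. For selective replay the same language does the cut without editing anything by hand: `tcpdump -r all.pcap -w subset.pcap 'udp and dst port 53'` followed by `tcpreplay -i eth0 subset.pcap`. The code below shows what that filter step does at the byte level: it reads a classic pcap, keeps the records a predicate accepts, and writes a new pcap. The frames are constructed with zeroed checksums as sample input, not a real capture; file names and `eth0` are placeholders.

```python
import struct
import sys

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic libpcap file, microsecond timestamps

def write_pcap(records):
    """Serialize (ts_sec, ts_usec, frame) records as a little-endian classic pcap, linktype 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)]
    for sec, usec, frame in records:
        out.append(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)
    return b"".join(out)

def read_pcap(data):
    """Yield (ts_sec, ts_usec, frame) from a classic pcap of either byte order; pcapng is rejected."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == 0xA1B2C3D4:
        end = "<"
    elif magic == 0xD4C3B2A1:
        end = ">"
    else:
        raise ValueError("unsupported magic 0x%08x (pcapng or nanosecond pcap)" % magic)
    pos = 24  # global header is 24 bytes
    while pos + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        yield sec, usec, data[pos:pos + incl_len]
        pos += incl_len

def ipv4_l4(frame):
    """(IP protocol number, offset of the L4 header) for an Ethernet/IPv4 frame, else (None, None)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None, None
    return frame[23], 14 + (frame[14] & 0x0F) * 4

def udp_to_port(port):  # tcpdump equivalent: 'udp and dst port N'
    def pred(frame):
        proto, off = ipv4_l4(frame)
        return proto == 17 and frame[off + 2:off + 4] == struct.pack("!H", port)
    return pred

def tcp_syn_to_port(port):  # tcpdump: 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn and dst port N'
    def pred(frame):
        proto, off = ipv4_l4(frame)
        return (proto == 6 and frame[off + 2:off + 4] == struct.pack("!H", port)
                and (frame[off + 13] & 0x12) == 0x02)  # SYN set, ACK clear
    return pred

def filter_pcap(data, pred):
    """Copy only the records whose frame satisfies pred; returns (new pcap bytes, kept, total)."""
    kept, total = [], 0
    for rec in read_pcap(data):
        total += 1
        if pred(rec[2]):
            kept.append(rec)
    return write_pcap(kept), len(kept), total

def sample_frame(proto, dport, tcp_flags=0x02):
    """Constructed Ethernet/IPv4 frame with zeroed checksums; sample input only, not a real capture."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", 40000, dport, 1, 0, 5 << 4, tcp_flags, 1024, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64, proto, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 9]))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + l4

ARP_FRAME = b"\xff" * 6 + b"\xbb" * 6 + b"\x08\x06" + b"\x00" * 28

SAMPLE_PCAP = write_pcap([
    (1552000000, 0, sample_frame(17, 53)),
    (1552000000, 1000, sample_frame(17, 123)),
    (1552000001, 0, sample_frame(6, 80, 0x02)),    # SYN
    (1552000001, 500, sample_frame(6, 80, 0x10)),  # ACK
    (1552000001, 900, sample_frame(6, 80, 0x12)),  # SYN|ACK
    (1552000002, 0, sample_frame(17, 53)),
    (1552000002, 10, ARP_FRAME),
])

if __name__ == "__main__":
    # python3 pcap_subset.py all.pcap subset.pcap 53    then: tcpreplay -i eth0 subset.pcap
    src, dst, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    with open(src, "rb") as fh:
        out, kept, total = filter_pcap(fh.read(), udp_to_port(port))
    with open(dst, "wb") as fh:
        fh.write(out)
    print("kept %d of %d records" % (kept, total))
```

Replaying a subset keeps the original timestamps, so tcpreplay's timing options still work on it. Note the byte-order handling in the reader: a pcap written on a big-endian box has the magic reversed, and a file that is actually pcapng (which tcpdump writes when linked against newer libpcap and given `-w` on some systems) will not open here at all, so check the magic before assuming a parse failure is corruption.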
0
votes
1 answer
39 views

What's the purpose of the -interface option in tcpdump?

doing the following command: tcpdump -i eth0:cp5 shows exactly the same thing as the default ... tcpdump what's the purpose of allowing user to specify interfaces?
0
votes
0 answers
47 views

tcpdump doesn't capture properly on specific port

I'm in a network and I want to capture FTP packets from another server in the network but I have a problem with tcpdump about this. I've used this command, where X.X.X.X is the FTP server: tcpdump -...
0
votes
1 answer
313 views

Can't connect to local server by public domain name

I have my server (Debian Wheezy) in my local home network. On that server I have my own DNS server (dnsmasq) for other local servers (so I can type name instead of local IP) and reverse proxy (nginx). ...
1
vote
2 answers
51 views

tcpdump is not capturing packets

Can anybody tell me what kind of error I have in this? It isn't reading any packets when I run it. nohup sudo tcpdump -i any host 10.0.1.107 and port 5060 and port 6060 -G 010 -W 015 -w capture_%Y-%m-...
0
votes
1 answer
40 views

Human readable SSL/TLS packets

If I have a protocol-analyzer/packet-sniffer, such as wireshark installed on a particular device.. (or in this case; tcpdump & tshark etc. on my smartphone..) ..should I be able to read ...
1
vote
0 answers
36 views

How to capture a certain HTTP response code with tcpdump

I want to capture HTTP errors on OpenWrt. The ngrep utility would be very useful but is not available there; tshark is not available either. So that leaves me with tcpdump. How do I tell tcpdump to ...
1
vote
1 answer
90 views

How many ARP Request/Reply for Ping command to work

I would like to know how many ARP requests/replies are required for the ping command to work. Let's say we have two machines connected point to point with IPs 192.168.110.2 and 192.168.110.3 and one executes ...
0
votes
1 answer
2k views

Multiple connections to Plex dlna port 32469

Sorry if this is not in the correct forum. I have Plex server installed on a Raspberry PI running Raspbian with Open Media Vault. Everything works well. The only issue I have is that I get lots of ...
0
votes
0 answers
26 views

How do I find out to what hostname a potential malware wants to connect?

Without connecting my computer to the Internet. I can only think about netstat and packet capturing tools, but I don't really know which method is suitable.
0
votes
0 answers
120 views

NAT doesn't allow TCP ACK for sent TCP SYN

We are using TCP Simultaneous Open for connecting a TCP socket. Let's call one SideA and the other SideB. From the Wireshark log I see that the first two SYNs sent from SideB are blocked by SideA's NAT. Then SideA ...
2
votes
1 answer
498 views

Wireless packet sniffing on Linux. Captured data is almost only broadcasts

Environment: Home network that operates on channel 8 (I am the admin so all the passwords are known and I have physical access to all devices), with a PC and a laptop connected to it (both standing ...
1
vote
1 answer
5k views

What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?

I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1 (both servers are RPis and run Linux (Raspbian)). curl -XGET http://192.168.0.1:8081/api The API on 192.168.0.1 (which I am ...
0
votes
0 answers
24 views

How can I capture a list of all servers my computer connects to?

I'd like to capture, in real-time, a list of all servers (URL preferred, IP address ok) my computer connects to. I've used tshark and tcpdump, but they return different results. This makes me wonder ...
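Added example serving this question and the "what hostname does a potential malware want to connect to" question above (not part of either question or of any answer on this page). Whatever tcpdump and tshark disagree on in their summaries, the names a process tries to reach show up in the DNS queries it sends, which you can capture on the host itself with `tcpdump -i any -nn -w dns.pcap 'udp port 53'` even on a network that goes nowhere, as long as the host has a configured resolver address to send them to. The code below pulls the query names and types out of Ethernet/IPv4/UDP frames; the frames are constructed as sample input, not a real capture, and the domain names in them are made up.

```python
import struct

QTYPES = {1: "A", 5: "CNAME", 15: "MX", 16: "TXT", 28: "AAAA", 33: "SRV", 65: "HTTPS"}

def parse_name(msg, offset):
    """Decode a DNS name starting at offset; follows compression pointers (RFC 1035 4.1.4).
    Returns (name, offset just past the name as it appears at the original position)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # two-byte pointer into the message
            if end is None:
                end = offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            return ".".join(labels) or ".", (end if end is not None else offset)
        labels.append(msg[offset:offset + length].decode("ascii", "replace"))
        offset += length

def extract_queries(frames):
    """{qname: set(qtypes)} for every DNS query (QR=0) sent to UDP/53 in the given Ethernet frames."""
    seen = {}
    for frame in frames:
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # not Ethernet/IPv4/UDP (ARP, IPv6, TCP ...)
        udp = 14 + (frame[14] & 0x0F) * 4
        if frame[udp + 2:udp + 4] != b"\x00\x35":
            continue  # not to port 53 (DNS over TCP, DoT or DoH needs other handling)
        dns = frame[udp + 8:]
        if len(dns) < 12:
            continue
        _id, flags, qdcount = struct.unpack("!HHH", dns[:6])
        if flags & 0x8000 or qdcount == 0:
            continue  # a response, or no question section
        name, end = parse_name(dns, 12)
        (qtype,) = struct.unpack("!H", dns[end:end + 2])
        seen.setdefault(name, set()).add(QTYPES.get(qtype, "TYPE%d" % qtype))
    return seen

def build_query(name, qtype=1):
    """Constructed DNS query inside an Ethernet/IPv4/UDP frame (checksums zeroed); sample input only."""
    qname = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"
    dns = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 7, 0, 64, 17, 0,
                     bytes([10, 0, 0, 5]), bytes([10, 0, 0, 1]))
    return b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + udp

SAMPLE_FRAMES = [
    build_query("c2.example.net"),
    build_query("c2.example.net", 28),
    build_query("update.example.org"),
    b"\xff" * 6 + b"\xbb" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP, ignored
]

if __name__ == "__main__":
    for name, types in sorted(extract_queries(SAMPLE_FRAMES).items()):
        print(name, ",".join(sorted(types)))
```

Feed it the frames from a pcap reader (or just run `tcpdump -nn -r dns.pcap 'udp port 53'` and read the `A? name.` lines) and you get the hostnames without resolving anything yourself; `-nn` matters on an analysis box because tcpdump's own reverse lookups would otherwise be the one thing that does reach out. Names can also appear in TLS SNI and HTTP Host headers, and a sample that uses hard-coded IPs or DoH will not show up in port-53 traffic at all, so treat an empty result as "no DNS", not "no connections".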
1
vote
1 answer
254 views

What is a cache flush, and how do you explain this TCPdump pattern?

I ran TCPdump a few times on my home network and found a lot of packets that were marked (Cache Flush), seemingly originating with my sister's laptop. I can't see any HTTP or HTTPS packets during the ...
0
votes
2 answers
478 views

Capturing incoming UDP packet fails

My Environment: Mac OS X 10.8.5 (IP: 192.168.10.5) CentOS 6.5 (IP: 192.168.10.8) I'm trying to capture UDP incoming packet on OS X. I tried on the Terminal of OS X # tcpdump -In udp portrange 6000 ...
1
vote
0 answers
49 views

TCP Dump received from Verizon, along with an abuse notice

Apologies in advance if this Question is not a good fit for your forum, but I hope it is and someone can help. I'm a FIOS customer and received from "[email protected]" a TCP dump as part of an email ...
0
votes
1 answer
132 views

how to use tcpdump to capture LAN packets which are not from or destined to my PC?

I'm using wifi for network access. I'm doing an experiment with my smartphone to do some experiment and I want to capture packets which are from my smartphone. My idea is to use my laptop with tcpdump ...
1
vote
0 answers
292 views

How to capture packets of rsync using tcpdump

I am trying to rsync a 4G file to another directory and want to capture the rsync packets using tcpdump. I tried listening on port 873, which is used for rsync, but did not find anything captured. I ...
1
vote
1 answer
2k views

Check for packets MARKed by iptables

I am marking TCP and UDP packets in order to send them to two different interfaces (say wlan0 and eth0), I did this by following this answer. Assuming this configuration: eth0 address: 192.168.0.84 ...
1
vote
0 answers
478 views

monitor and log LAN network traffic on CentOS 6.x

I've been fiddling with this one for almost a week now. My setup is: LAN (windows/linux PCs/servers) <-> CentOS gateway/firewall box <-> ISP I'm trying to setup a monitoring solution which ...
0
votes
1 answer
96 views

Yosemite Run Command on Boot as Root without Password

I run OS X Yosemite and I would like to always have the command run, as root, on startup: tcpdump -i en0 'icmp and icmp[icmptype]=icmp-echo' >> /var/vtcakavsmoace/Desktop/ping_information.txt ...
0
votes
2 answers
8k views

tcpdump not capturing any packets

I'm trying to monitor what's going on in my network, so I've tried the tcpdump command. I'm just learning to use it, so I thought I would play around a little bit with it. My problem is that I cannot ...
0
votes
1 answer
109 views

TCPDUMP Rotating Capture File using -G not working

I'm attempting to run a tcpdump for packet capture for the headers of encrypted traffic. I'm trying to do it with the rotating capture based off time. This is the command I'm running. sudo tcpdump -...
0
votes
1 answer
51 views

libpcap: Filter by ether_type and by specified bytes

Using pcap_filter, I want to filter by ether_type (protocol 0x88b5) AND by specific bytes in the payload: "ASK", or 0x41434b. It's Ethernet-level => no network layer, directly the payload. => ...
1
vote
0 answers
436 views

TCPDUMP Network IPv6 Packets

I am new to the tcpdump tool and I am working on the analysis of network packets. I have analysed the IPv4 IP packets generated in the case of wifi. But now I am running my android phone on the SIM's 3G network ...
1
vote
2 answers
629 views

How to find IP address of ADSL modem?

Our fall back Internet connection uses a SpeedStream 4100 modem, which just broke, so I have replaced it with a new one. I need to configure it to bridge mode, but I can't even find its IP address. ...
0
votes
1 answer
113 views

How to get details (like remote IP) about an alert generated by Suricata after scanning a pcap file

I wanted to test the security of my android phone, so I left it for one day running tcpdump in the background. Then I sent the resulting pcap to virustotal.com. They are scanning the pcap file using snort and ...
1
vote
1 answer
1k views

tcpdump not displaying RSSI

I am monitoring Wi-Fi probe requests via tcpdump on Debian and am trying to capture the RSSI (signal strength) of each probe request element. Currently, the output from tcpdump for each probe request ...
1
vote
1 answer
360 views

Unable to see broadcast packets with tcpdump

I am launching an application which broadcasts udp packets. I also have a simple python script to confirm that these packets are being broadcast: sock = socket.socket(socket.AF_INET, socket....
0
votes
0 answers
168 views

UDP traceroute delay?

We are seeing timeout packages when running traceroute command between two Linux systems on a private network. However, we do not see such symptoms using TCP or ICMP over traceroute. This is a private ...
1
vote
0 answers
80 views

ICMP flood with ping working only one time

My problem is simple: the first time I made a flooding ping to a fake IP on my network (for testing if someone is in promisc mode), it works perfectly: $ping -f 192.168.1.10 After performing this, ...