Questions tagged [tcpdump]

Command-line packet analyzer

tcpdump is a command-line packet analyzer. It runs natively on most *nix operating systems.

207 questions
96 votes, 6 answers

Can I monitor a local unix domain socket like tcpdump?

I'd like to monitor responses on a unix socket without disturbing the original connections and pipe them to a script for processing. I know how to do this with tcpdump for tcp connections but I cannot seem to find a solution for local unix…
ck_
80 votes, 2 answers

Does tcpdump bypass iptables?

I mistakenly set up an open resolver DNS server, which was soon used for a bunch of DDoS attacks originating somewhere from / to Russia. For that reason I completely blocked port 53 on both DNS servers for everyone except for trusted IPs. It does work,…
Petr
70 votes, 5 answers

How to make tcpdump display IP and port number but not hostname and protocol

I'm using tcpdump for some tests. I want to see the IP and port number, but the output of tcpdump is like IP pl1snu.koren.kr.http > kitch.pl.sophia.inria.fr.dnp: Flags [P.], seq 54:72, ack 1, win 5792, length 18; it only shows the hostname and the…
misteryes
22 votes, 6 answers

tcpdump: how to get grepable output?

I am trying to troubleshoot an issue where I only have tcpdump available on an appliance. I want to use tcpdump to filter web traffic, and only display traffic containing certain strings. I do the following: tcpdump -nei eth0 -X | grep "something…
Dog eat cat world
21 votes, 6 answers

tcpdump – rotate capture files using -G, -W and -C

I'm looking to be able to capture a rotating tcpdump output which captures 30 minutes worth of data, into 48 files, cyclically. The man page implies this should be possible, but my testing doesn't seem to produce the result I'm looking for: -W …
mire3212
18 votes, 2 answers

What's all this deploy.akamaitechnologies.com traffic?

I happened to do a tcpdump while leaving my Mac idle, and when I came back after a mere half-hour there were something like 5000 packets involving deploy.akamaitechnologies.com, in which my computer was asking it on port TCP 443 for something, and…
Warren
17 votes, 6 answers

How to capture last N seconds of packets using tcpdump

How can I capture the last N seconds of packets using tcpdump?
sushant
11 votes, 2 answers

How can I diff two network dumps from tcpdump or Wireshark?

I'm having a problem with one of our customers' embedded computers. They seem to discard some network packets which they should not. I can capture the TCP communication from a managed switch outside the box using Wireshark and I can probably also…
ygoe
10 votes, 1 answer

Traffic between VirtualBox guests not showing up in tcpdump

I have a test environment set up with 4 VirtualBox guests running CentOS 6. Each has one network device attached to a bridged adapter, which is my primary network connection on my PC, with a static IP address (ranging from 192.168.2.95-98) accessible…
10 votes, 2 answers

How many TCP retransmissions in Internet traffic are considered normal for a basic home setup?

Out of curiosity, I connected my laptop with an ethernet cable to the router and fired up Wireshark to understand and 'visualize' what's going on. Some packets caught my attention. I was having some TCP retransmissions from time to time to and from…
Netu30
9 votes, 2 answers

How to measure data sent when I have a dump file created by tcpdump

I dumped network traffic with the following command: tcpdump -w myfile.dump. Now I want to know how much data was transmitted. I guess the file size does not equal the size of data transferred, because a dump file contains metadata as well. How…
7 votes, 1 answer

How do I make tcpdump write to a file for each packet it captures?

I'm running the following version of tcpdump: tcpdump version 4.0.0, libpcap version 1.0.0. I want to make tcpdump write to a file for each packet it captures. Currently, I can only see the captured packets if I quit tcpdump. tcpdump -i em1 -w…
sudurais
7 votes, 2 answers

How to capture "dropped packets" in tcpdump

I have a problem with my networking performance. I am using Ubuntu 16.04 on a VMware Cloud Server with an E1000 NIC. But I see some packets dropped in the output of the ifconfig command: root@ubuntu:~# ifconfig ens192 ens192 Link encap:Ethernet HWaddr…
Joey
7 votes, 1 answer

What does a sequence of retransmissions with PSH,ACK flags mean (and a spurious retransmission back)?

I am on server 192.168.0.2 and want to make an HTTP call to 192.168.0.1 (both servers are RPis and run Linux (Raspbian)): curl -XGET http://192.168.0.1:8081/api. The API on 192.168.0.1 (which I am calling) is mine (a Python script based on bottle)…
WoJ
6 votes, 2 answers

Can tcpdump be instructed not to report packets to a specific source?

I would like to monitor packets using TCPdump. Sadly, I must do this remotely - in this case, I'm using a remote desktop from VNC, but at best I can do it over SSH. What I mean by "at best" is: I am seeing a huge number of packets that are directed…