Questions tagged [tcpdump]
command-line packet analyzer
201 questions
0 votes, 0 answers, 34 views
Why can I see so much traffic forwarding on my machine?
I'm working in a LAN, which is a cloud product. I have many Linux machines in this LAN. I deployed my whole web-service backend in this LAN.
Today, I executed tcpdump -i eth0 -nne -p on a machine, ...
0 votes, 0 answers, 17 views
Why does netcat -v send extra X packets?
I'm using netcat 1.218 on Ubuntu 22.04 to generate test syslog packets, and I noticed an odd behavior I can't explain. When I use the -v flag, netcat sends 2 additional packets containing the letter ...
0 votes, 1 answer, 286 views
Configure VirtualBox to capture network traffic between 2 VMs on the same host from another physical machine
My context is:
A physical machine with Windows 10 (PC_Physcial_01) that hosts 2 VirtualBox Linux VMs (PC_VM_01 & PC_VM_02)
Another physical machine dedicated to sniff network traffic (...
0 votes, 0 answers, 106 views
Saving the captured traffic of tcpdump after 24 hours
I'm currently setting up multiple Linux Servers in order to build a honeypot infrastructure. I want to capture the incoming and outgoing traffic with tcpdump too. Is it possible to save the captured ...
1 vote, 0 answers, 187 views
Capture network traffic from physical devices in a Linux VM
I have a Linux VM hosted in a physical Windows PC in Hyper-V. The VM is using an external switch. There are a few more physical devices in the network. When I run tcpdump inside the VM, I can only see ...
0 votes, 0 answers, 30 views
File service latency is high; how to troubleshoot?
This service is a file upload service and the request packet capture in the live network is as follows:
The data uploaded by the client is halfway through, and then it will not be sent
The server ...
0 votes, 2 answers, 265 views
Cannot gather Google PING data with tcpdump command
I am baffled at this point following a Linux course on Udemy.
The command I am using in CentOS7 is:
tcpdump -i enp0s3 | grep 216.25.212.58
216.25.212.58 is the IP that is shown when I use the command:...
0 votes, 1 answer, 310 views
tcpdump shows traffic even for down interface
Using Debian Buster and having configured VLAN interface online, I wonder that tcpdump shows any traffic sent to the external IP address?
Having a server on Hetzner and want to configure VLAN traffic ...
8 votes, 2 answers, 5k views
How many TCP retransmissions in Internet traffic are considered normal for a basic home setup?
Out of curiosity, I connected my laptop with an ethernet cable to the router and fired up Wireshark to understand and 'visualize' what's going on.
Some packets caught my attention.
I was having some ...
2 votes, 1 answer, 487 views
tcpdump to capture time, URL and post data
I need to capture both the post data and the time the request was made. I want to use it to replay requests on the lab server.
When I run the following command:
tcpdump -i any -s 0 -A '(tcp dst port ...
3 votes, 1 answer, 243 views
What Does “BBS” in TCPDump Output Mean?
I've recently implemented stricter firewall rules, and I keep seeing the Apple devices on my local network attempt to reach out to 192.168.1.156 or 192.168.1.152. In an attempt to understand what it's ...
1 vote, 1 answer, 1k views
How to use ciscodump?
In Wireshark, there is this option called Cisco remote capture: ciscodump, which, from my understanding, should enable to do a tcpdump on a Cisco router (for example) via SSH and get back the results ...
0 votes, 1 answer, 1k views
tcpdump captured packets not readable
I am new to tcpdump. When I use the following command to capture incoming HTTP packets, I cannot recognize anything readable, such as HTTP, GET, etc. I need to check the header and content part. How to ...
1 vote, 0 answers, 48 views
Can anyone help me to understand this output from tcpdump?
I wrote code in Python that extracts data from the FTX exchange using their API.
I am running the code in an AWS instance (free plan), located very close by to the servers of the exchange.
...
0 votes, 0 answers, 89 views
Determine/Configure which IP address gets offered next by a DHCP server?
I need a way to determine the next IP address a DHCP server will offer.
RFC 2131 states:
Each server may respond with a DHCPOFFER message that includes an available network address in the 'yiaddr' ...