1
vote
3 answers
93 views
How to capture images transferred via HTTP?
I have multiple browsers and I want to save all images with size more than 30KB and save them to a specified address.
What is the best way?
listen to tcpdump and read the content, and then save to a file, or
use ...
1
vote
0 answers
27 views
router latency measured by tcpdump increases
I am using tcpdump to measure latency on a Linux router, i.e. the delay experienced by packets as they pass through the router (made of Ubuntu 10). For this purpose, I captured packets in the IN and ...
0
votes
1 answer
54 views
How to log all domains accessed?
Maybe I could use tcpdump, filter out all non-HTTP packets to reduce disk consumption, and then parse the output looking for domain names. Maybe there is a better solution. Do you know one?
2
votes
1 answer
364 views
tcpdump: “packets captured” vs “packets received by filter”
We have a script which calls
tcpdump -v src host <IP address> and port <port number> >>out.txt 2>>err.txt -w capture.cap
on multiple IPs while the other parts of the script ...
3
votes
1 answer
76 views
sandbox tcpdump under OpenBSD?
From FreeBSD 9.0 tcpdump is sandboxed with Capsicum. Are there any solutions for sandboxing tcpdump under OpenBSD? Just want to secure a running:
tcpdump -w output.pcap
because it can be only used ...
4
votes
1 answer
121 views
How to recover a file from a tcpdump?
I use
tcpdump -i wlan0 -s 0 dst 192.168.1.200 or src 192.168.1.200 -w output.pcap
to monitor, for example, my HTTP traffic.
I upload a .zip file through HTTP.
How can I retrieve the .zip file from the ...
0
votes
3 answers
89 views
using “-vvv” with “-w FILENAME” with tcpdump makes better output?
Does it make a more detailed output if I use
tcpdump -vvv -w FILENAME
vs. if I use:
tcpdump -w FILENAME
or doesn't it make any sense if I use the "-vvv" when I'm using "-w FILENAME"?
3
votes
1 answer
129 views
Count in real time the output lines from another output command
I think what I want to do is very easy, but I cannot find a way to do that:
If I put this command:
[root@:Active] tmp # tcpdump -i any -s 65535 host 192.168.1.110 and port 1645 or port 1813 -v
-X | ...
1
vote
1 answer
177 views
How to gather DNS A record requests?
I need to record all outgoing A records on a RedHat PC. I tried using tcpdump:
tcpdumpdns=OUTPUT-FILENAME-HERE
nohup tcpdump -K dst port 53 -w $tcpdumpdns > /dev/null 2>&1 &
It makes ...
2
votes
1 answer
203 views
iptrace for linux: how can I trace full packet contents?
I normally use iptrace on our AIX servers to get packet traces but have recently found out that this doesn't work for other 'nix systems - namely CentOS.
Does anyone know what the analog would be?
...
2
votes
1 answer
205 views
How to read a hexdump byte by byte in bash or awk?
This is the hexadecimal output of an IPv6 TCP packet captured with tcpdump:
6000 0000 0018 0620 0000 0000
0000 0000 0000 0000 0000 0001 0000 0000
0000 0000 0000 0000 0000 0002 *0026 0026
0000 ...
7
votes
1 answer
218 views
what level of the network stack does tcpdump get its info from?
As I was trying in vain to fix a faulty ethernet controller here, one thing I tried was running tcpdump on the machine.
I found it interesting that tcpdump was able to detect that some of the ICMP ...
1
vote
2 answers
319 views
How to modify the output of tcpdump to be human-readable?
I have a tcpdump command:
tcpdump -i wlan0 dst port 80 and ! dst 192.168.1.201 and ! src 192.168.1.201 -vvv -s0 -w proba.txt
Which gives the following output:
root@SERVER:/tmp# egrep "GET|Host:" ...
4
votes
1 answer
351 views
How can I run tcpdump from a Python script without AppArmor complaining?
For inconvenient reasons going beyond the scope of this question, I have to run tcpdump from within a Python script. I currently just call subprocess.Popen(['tcpdump', ...) and everything works just ...
2
votes
1 answer
58 views
How to know the number of messages received in a message queue at a point of time
I have an implementation where the hardware dispatches 300 packets every second to a host application through DMA transfer and then to the host application's message queue.
When packets are sent at ...