1

Why does tcpdump not give me more details? Each time it only comes as - 16:22:26.128541 [|ether]

    # ./tcpdump -vv not port 22
    tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    16:22:26.128541 [|ether]
    16:22:26.128541 [|ether]
    16:22:26.128541 [|ether]
    16:22:26.128541 [|ether]
    16:22:26.128541 [|ether]
2
  • Please, add output: tcpdump -pn -s 0 -X not port 22 Commented Sep 25, 2010 at 14:58
  • Most likely, tcpdump is not giving you any more information because it does not have any more information to give you. Likely all it understands about the packets is that they are valid ethernet packets. Using '-e' might help. Commented Aug 21, 2011 at 9:21

1 Answer

0

You need to specify your interface with the -i flag (it is defaulting to eth0, is there another interface?)

-p makes it not show port names (www for 80) and -n makes it not look up DNS names (you'll see only the IP)

-s0 says to capture the whole packet, not just the beginning. -X shows hex and ascii data.

-v is probably not needed here - it produces slightly more input, but you aren't capturing any IP data

If you leave off the "not port 22", do you see the ssh traffic on the host?
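An added example, not part of the answer above or of tcpdump itself: tcpdump prints `[|proto]` when the captured bytes end inside that protocol's header, so `[|ether]` means fewer than the 14 bytes of an Ethernet header were captured. The sketch below reads the per-record captured length from a classic pcap file to separate that case from an ordinary snaplen cut; `build_pcap`, `classify` and the sample frames are hypothetical names and constructed data.

```python
import struct

ETHER_HDRLEN = 14  # destination MAC (6) + source MAC (6) + EtherType (2)
LINKTYPE_EN10MB = 1

def build_pcap(records, snaplen=65535):
    """Build a classic little-endian pcap in memory (constructed test input)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_EN10MB)
    for ts_sec, ts_usec, captured, wire_len in records:
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), wire_len)
        out += captured
    return out

def classify(pcap_bytes):
    """Return [(caplen, wire_len, verdict), ...] for every record in the file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != LINKTYPE_EN10MB:
        raise ValueError("this sketch only handles Ethernet captures")
    results, offset = [], 24
    while offset + 16 <= len(pcap_bytes):
        _, _, caplen, wire_len = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        offset += 16 + caplen
        if caplen < ETHER_HDRLEN:
            verdict = "[|ether]"      # header incomplete: nothing to decode
        elif caplen < wire_len:
            verdict = "payload cut"   # header decodes, data stops at snaplen
        else:
            verdict = "complete"
        results.append((caplen, wire_len, verdict))
    return results

# Constructed records: (ts_sec, ts_usec, captured bytes, length on the wire)
FRAME = bytes.fromhex("ffffffffffff0200000000010800") + b"\x00" * 46  # 60 bytes
SAMPLE = build_pcap([
    (0, 128541, b"", 60),           # nothing delivered to the capture
    (0, 128542, FRAME[:34], 60),    # as if captured with a 34-byte snaplen
    (0, 128543, FRAME, 60),         # whole frame
])

if __name__ == "__main__":
    for caplen, wire_len, verdict in classify(SAMPLE):
        print(f"caplen={caplen:<3} len={wire_len:<3} {verdict}")
```

Run against a file written with `tcpdump -w`, a capture where every record has a captured length below 14 points at the capture path rather than at the display flags.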
