Questions tagged [tcpdump]

tcpdump is a CLI tool for capturing and displaying packets sent and received by network devices.

0 votes
1 answer
151 views

I have a bind9 DNS server running, and I have it blocking ads through a block list for the whole network. I want to log the blocking, so I tried to listen to the UDP port. I used tcpdump and forwarded ...
Ron Lauren Hombre
1 vote
0 answers
79 views

Host 192.168.3.235 sends a ping request to host 192.168.3.234 directly to the host on the local subnet. Host 192.168.3.235 sends the replies to the request to the gateway. This seems odd to me. What ...
Alanpugh Ngataonga
0 votes
0 answers
32 views

I get a "Conflict merging filters on src ip" error when using tcpdump with boolean host filters, such as tcpdump -nni nt:0 host 10.1.1.1 and host 10.1.1.2. I get the following error when ...
Steve Lee
0 votes
0 answers
67 views

After changing subnets for a lan/wan connected NIC (connection 1), the ipmitool over our management network (connection 2) fails to work. It is setup on a different interface whose configuration hasn'...
nobody
  • 9
1 vote
1 answer
133 views

I am trying to find some connection issues with my local lan. New to tcpdump so help needed! The command run on my test VM which is 192.168.30.18: tcpdump "host 192.168.0.100 or host 192.168.32.1&...
DKay
  • 11
2 votes
1 answer
427 views

Long story short, my server's system load is off the charts, but nothing is taxing the CPU script or program wise. It appears that it is under a TCP Syn flood attack, but I cannot figure out how to ...
OwN
  • 207
-1 votes
1 answer
112 views

I have a web server, which allows users to upload or download files through HTTP requests. Internet Internet loopback interface LAN ...
Yves
  • 115
0 votes
0 answers
349 views

The TCP network connection between an Haproxy server in TCP mode (.94) and Postfix (.137) randomly ends with the retransmission of last FIN,ACK packet from the Postfix server: It only happens for ...
rfmoz
  • 811
0 votes
1 answer
694 views

Currently I am doing some measurements (using iperf3, TCP tracepoints (for monitoring the congestion window (CWND)) and tcpdump). While altering the TCP window (RWND) field (using a nf-hook kernel ...
Vollidiotischer
0 votes
0 answers
320 views

Isn't this command supposed to capture the whole network traffic: **tcpdump -i any net "192.168.1.0/24 "** Nothing is being shown on the terminal.
rahul singh
5 votes
1 answer
2k views

For tcpdump, I use this command to see the packet details: tcpdump -vvv -i interface and to save the packets into a pcap file: tcpdump -i interface -w output The details from the first command are ...
shadow
  • 51
0 votes
0 answers
82 views

Background I have a Network IPS Appliance at work. The configuration is not well documented and I want to work out what traffic has been configured to flow through which interfaces. The network is ...
user3223819
0 votes
1 answer
817 views

Is there a tcpdump expression that collects the vlan tag id only? I have an interface that has multiple vlan tagged traffic flowing through it. I can write expressions looking for IP pairs, or ...
user3223819
0 votes
1 answer
426 views

I have a PLC where I capture data through the TCPDUMP command. Now the issue that I have is that when I read the hex value of the saved data it shows it through this format: 0x0000: 0009 0f09 0021 a874 ...
BrenDs
  • 1
0 votes
1 answer
93 views

I'm not able to understand what might be the reason for a lost TCP Communication over RPC between a CentOS 7 and Windows 2019 Server. From the Wireshark I could see that the TCP Communication is ...
user2264738
0 votes
1 answer
719 views

Using this simple command: iperf3 -c localhost --time 1 -l 100 --bitrate 100M Then watching the output with: sudo tcpdump -i lo -B 10000000 tcp port 5201 I would expect to see lots of 100 byte ...
Ken Y-N
  • 115
0 votes
0 answers
499 views

The Setup I currently have a server and a mongodb database running in the cloud (Oracle Cloud Infrastructure). The Problem My connection to the database is bound by a select number of static IP's. ...
Samuel Cobb
8 votes
1 answer
18k views

I am using "tcpdump" to capture traffic, and I want to filter by HTTP methods. When I have IPv4 packets, I am using: tcpdump -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420' ...
Sagi313
  • 81
0 votes
0 answers
946 views

I'm trying to capture UDP data using the nc (netcat) command but it doesn't output anything. What options/parameters do I need to pass to the nc command to get the output? tcpdump does show the UDP ...
Martijn de Munnik
2 votes
1 answer
6k views

I've set up some interconnected qemu VMs to test out port forwarding rules. For now, my current blocker is much simpler and has nothing to do with port forwarding. When I send a UDP packet from a go ...
maurice77
0 votes
1 answer
63 views

My webserver (Debian Bullseye, Apache2) is serving about 50 (small) websites spread over 16 ip addresses. I just noticed that on one of the ip addresses, since the beginning of this month traffic has ...
0 votes
0 answers
190 views

S1 Virtual Machine 1: Ubuntu app server Virtual Machine 2: MariaDB 1 S2 Virtual Machine 3: Ubuntu app server Virtual Machine 4: MariaDB 2 from vm04 and 03 I can connect to DB1 with connection string ...
gegentierversuche
0 votes
1 answer
251 views

I'm investigating a strange hang with our NextCloud instance and think it might be to do with a misconfigured hostname somewhere. I thought of using tcpdump to look at what addresses/names are being ...
TenG
  • 173
1 vote
1 answer
298 views

I am testing nftables firewall rules using two virtual machines, one with the active firewall and one that tries to connect to it. For example with netcat and no firewall: nc -6 fe80::9d08:b3e2:47fa:...
stmas
  • 11
0 votes
1 answer
411 views

I'm under an unreliable ISP/AS, something like the GFW. They actively try to sabotage a TCP+TLS session by attacks such as sending SYN RST to established connections, making the connection timeout, ...
Ragahito
1 vote
1 answer
406 views

I'm capturing tcpdump packets. Even though, when I want to see the output by tcpdump -r I see destination hostname instead of address IP and service name instead of port number. Example: tcpdump -w /...
user3637971
1 vote
0 answers
477 views

I searched Google for a tool to decode https traffic and got ssldump with examples like: ssldump -k xxx.pem -i eth0 -d host example.com I wonder what the key file xxx.pem is. On the server hosting ...
peter
  • 143
1 vote
1 answer
209 views

The scenario is the following: a WebSocket server and clients exchange messages at some pace (like 40-50 times in a second). However, for one client, once in a few minutes I'm observing that there is ...
tonso
  • 111
0 votes
0 answers
209 views

I got a big ipset and I want to capture networking packages related/not-related to these IPs. Is there a way to capture packages by using tcpdump with ipset as param?
Catscarlet
3 votes
0 answers
1k views

Just lately our server started experiencing increased CPU usage by the php (Symfony) and mysql processes. For quite some time we have been trying to find the cause and we found out that we have a big amount ...
Maarduk
  • 133
0 votes
0 answers
203 views

I want to use tcpdump to capture traffic between my server and the elastic search database also I would like to capture traffic of one specific url POST https://vpc-my-es-3-abcd.us-east-1.es.amazonaws....
kumar
  • 379
1 vote
0 answers
401 views

(Trying this forum after the question was deemed off-topic for Stack Overflow & Network Engineering) I am investigating an issue where we see occasional 200ms+ spikes in a simple tcp client/server ...
RandomQuestion
2 votes
0 answers
200 views

k8s environment (4 nodes, rke 1.21.5). We noticed there is randomly significant latency in socket data transferring between different k8s pods. Latency could be as long as 15 seconds in some cases. By ...
skyfire
  • 21
0 votes
1 answer
7k views

Is it possible to create an expression in tcpdump that would filter incoming packets with a wildcard? Something like this: tcpdump -v -i bond0 -c 200 -Z root udp port 514 and src server-*.com It doesn't ...
Miroslav Cibulka
1 vote
1 answer
2k views

I'm working with a system that has multiple bridge interfaces. I would like to monitor traffic on multiple interfaces, but tcpdump is capturing from both the master interface and its identical bridge, ...
forest
  • 462
1 vote
0 answers
795 views

I'm using the dnsmasq service as a DHCP server. I have a bridged interface per node named br0 that has two ip addresses assigned to it. One is the public IP address and the other one is considered the ...
Mohammadreza Nasrabadi
0 votes
1 answer
283 views

I have some TCP packets being lost. I have monitored the interface with tcpdump pcap file - https://www.dropbox.com/s/7m3hr1b7065tenx/tcp.pcap?dl=0 I noticed that when I lose packets I only get 5 ...
Ruby dev
0 votes
0 answers
484 views

I'm trying to figure out what packets a linux host sends at boot in order to debug it. Is there a way to start packet capture during boot time to not miss any packets? What is your way of going about ...
lolz
  • 11
1 vote
1 answer
7k views

I'm having troubles with tcpdump. I want to only capture DNS packets that are responses containing authoritative responses with a single RR that is 0.0.0.0. For example I want to only capture packets ...
owrtbro
  • 31
0 votes
1 answer
461 views

To investigate on some issue, I need to dump the full ssh key offered by the ssh client to the ssh server. Up to this point, I tried to put the parent of all sshd server (belongs to root) LogLevel to ...
kalou.net
  • 103
0 votes
1 answer
300 views

I run ping: ping -c 15 -s 120 -D 192.5.15.22 The same time I watch tcpdump: tcpdump -n -e -vv -ttt -i iavf0 vlan tcpdump: listening on iavf0, link-type EN10MB (Ethernet), capture size 262144 bytes 00:...
sqr
  • 15
0 votes
1 answer
3k views

I have a Proxmox host with kernel 5.15.19-2-pve. It has a bond0 interface made from eth2 and eth3, which receives vlan tagged traffic. I created a vmbr666 bridge that looks like this: # /etc/...
András Korn
0 votes
1 answer
2k views

I have a strange virtual (docker bridges) networking condition. I have two dockers connected to the same bridge via docker-compose. One docker is "probe" and one is "injector". ...
Boris
  • 195
2 votes
0 answers
6k views

The overarching question How do I see what is 'bad' about a 400 - bad request? Info about the error When I click around the WordPress-backend, then between 3 and 7 requests (out of 95-100) give me a:...
Zeth
  • 141
3 votes
1 answer
2k views

I am attempting to direct client traffic to a kubernetes cluster NodePort listening on 192.168.1.100.30000. Clients need to make a request to 192.168.1.100.8000 so I added the following REDIRECT ...
tiger_groove
2 votes
1 answer
3k views

Given a .pcap (or similar) file, I'd like to select one TCP connection and dump both application data streams (the one from the other peer and the one to the other peer) into two separate files on ...
Johannes Weiss
0 votes
0 answers
3k views

I have set up dnsmasq as a DHCP server on a CentOS VM, however it is not replying to DHCP requests. What could be the issue? Following is the configuration and tcpdump logs. interface=ens224 listen-...
asm_nerd1
  • 101
1 vote
1 answer
2k views

Trying to look at multicast traffic so I created a filter to monitor the range, then began to slowly add statements to exclude things not relevant but didn't get expected results. Do you do the ...
Gr4cchus
0 votes
2 answers
204 views

We use TCPDump on an RPI to capture WiFi signals from nearby devices as a means to get an estimate of the number of people. We have noticed that on "normal" days the numbers are reasonably ...
Pigsfoot
6 votes
2 answers
30k views

I want to filter out several specific IPs and ports with tcpdump. Example: 192.168.1.100 port 1111, 192.168.1.101 port 3333. I know tcpdump -i ens192 not dst host 192.168.1.100 and dst port 1111 ...
user923097