Questions tagged [tcpdump]

a command line packet analyzer

0 votes
1 answer
62 views

My VMs IPv6 address occasionally get on a blocklist. Their "evidence" is that they claim something is making outbound connections to port 25 and issuing an EHLO of an IP address, not a ...
John Oliver's user avatar
2 votes
0 answers
62 views

I'm experiencing unexpected packet loss on a 10Gbps Intel NIC (ixgbe driver) even when traffic is only around 10Mbps. The setup is a test environment using tcpdump to capture packets on Ubuntu 22.04 ...
y. ktr's user avatar
  • 21
1 vote
1 answer
207 views

I'm writing a Wireshark dissector for our CAN bus protocol and I've noticed that tcpdump captures CAN frames twice and its output differs from the candump program. For example, when I execute the following ...
Radovan Beler's user avatar
2 votes
1 answer
755 views

I'm using a fresh minimal Ubuntu server 24.04.1 LTS install. I run these commands as root to set up networking and do some experiments: If you have seen this post, it's the same setup but with the ip ...
Adrian's user avatar
  • 261
0 votes
1 answer
135 views

How can I filter tcpdump output (normal screen, not -w) to only see lines with flag [P]? Running tcpdump 4.99 on Debian 12
chris01's user avatar
  • 1,049
5 votes
1 answer
617 views

I am unable to capture unicast traffic on the br0 (linux bridge) interface using the command tcpdump -nni any -vvv. Broadcast traffic, however, is captured as expected. Interestingly, unicast traffic ...
VictorLee's user avatar
  • 187
2 votes
2 answers
531 views

I am facing the following issue when running traceroute between two nodes in the same subnet. This is done as a test whether the network connection between these 2 nodes is reliable or not. We were ...
MMAX's user avatar
  • 278
0 votes
1 answer
265 views

I'm trying to capture raw/binary Ethernet traffic from my interface, so I can parse it using C. I don't want to parse any PCAP headers. I would prefer without the preamble and end bytes, but it's okay ...
intrigued_66's user avatar
2 votes
2 answers
129 views

I run tcpdump with a filter like: not ( (host 1.165.155.169 and port 4444) or (host 1.168.68.116 and port 4444) or (host 1.173.192.253 and port 4444) or (host 1.174.97.43 and port 4444) :...
Ole Tange's user avatar
  • 37.6k
0 votes
0 answers
316 views

This is the situation: I have two VMs (virtual machines) via kvm-qemu connected via virtual-serial (a socket). I created the two VMs with this serial configuration: serial1 (slackware, uses port1 ...
elbarna's user avatar
  • 14.5k
0 votes
1 answer
116 views

Digging into tcpdump implementation, I can see that it actually loads the libpcap.so dynamic library in userspace. However, by use of strace, I can't see any occurrence of calls to any function ...
CarloC's user avatar
  • 385
0 votes
1 answer
864 views

I'm experimenting with multicast traffic within my wireless network and tried to ping some pre-defined multicast address: $ ping 224.0.0.251 The ip address of the ping machine is 192.168.0.11. So I ...
Some Name's user avatar
  • 297
0 votes
0 answers
54 views

System specs: Linux client 3.10.0-123.20.1.el7.x86_64 #1 SMP Centos 5 I am having some blockages on my DC. I have identified the machine that is making the requests. I also analyzed the outgoing ...
fah81's user avatar
  • 21
0 votes
0 answers
495 views

I'm currently learning about WiFi Ethernet frames and want to sniff raw ethernet traffic from my laptop's WiFi adapter. Running sudo tcpdump -vvv -n -i wifi0 -e prints something like the following: ...
Some Name's user avatar
  • 297
0 votes
0 answers
89 views

I'm learning about Spanning Tree Protocol and was trying to capture STP frames sent from my wi-fi router by tcpdump. Here is the command: sudo tcpdump -vv -n -i en0 stp and for pretty large period ...
Some Name's user avatar
  • 297
