Questions tagged [tcpdump]

For questions about traffic dumps from the packet analyzer tcpdump. This tag should only be used in relation to troubleshooting an issue with a network device. If the host that runs tcpdump has been converted to a network device (e.g. a firewall on Linux), then this tag is also on topic.

1 vote
0 answers
81 views

I am trying to understand traffic as shown by tcpdump on my wifi interface (MAC_PC) looking at my regular traffic coming from an access point (MAC_AP), linked by an Ethernet cable to my router (MAC_RT)...
Huria • 11
0 votes
1 answer
55 views

I am currently running into walls when trying to pop an mpls label with ovs. I currently have two interfaces on one ovs instance connected to ports eth0 and eth1. I define a flow on eth0 to pop an ...
Friwi • 111
0 votes
1 answer
220 views

I am trying to establish a TCP connection with a server. I added a firewall rule in the server to drop the TCP packets in order to check how the TCP client terminates. Client retransmits SYN multiple ...
Vijaykumar Ainapur
1 vote
0 answers
1k views

I want to capture only QUIC UDP datagrams on port 443. With the following command, tcpdump reports all UDP packets that arrive at the host on port 443. tcpdump -n udp -SX -i any port 443 How can I set it ...
raiym • 111
2 votes
1 answer
10k views

Could someone help me interpret this tcpdump UDP packet output? We are getting our image so I'm wondering why we are seeing this message. Is the packet length indicated by "length 1500)" or ...
simgineer • 123
0 votes
2 answers
359 views

If someone plugs an Ethernet over power (EOP, Homeplug) into the switch and then connects elsewhere in the building, can I detect this device by sniffing the packets with tools like Wireshark or ...
LoyckHope
2 votes
1 answer
2k views

Given the following configuration in Linux: bond0 in LACP (802.3ad) mode with two VLAN networks running over it. bond0.111 configured with static IP bond0.222 configured with DHCP How to capture packets ...
Mikko Rantalainen
1 vote
1 answer
148 views

I have been trying to analyze packets using tcpdump. I am trying to use a wireless card and capture packets through monitor mode, instead of promiscuous mode, since I want to see what kind of traffic ...
DJay • 13
1 vote
2 answers
512 views

Sometimes we receive volumetric traffic from a single source IP (out of our networks) towards one destination in our network. Is there any way to find it with tcpdump? Thank you.
Blackmetal
1 vote
1 answer
23k views

When I run tcpdump on my machine (here I use 1.2.3.4) tcpdump -i eth0 -n dst host 1.2.3.4 -v roughly 90% of incoming packets have incorrect checksum: cksum 0xc25b (correct), seq 101134607:101136035 ...
Martin Vegter
2 votes
1 answer
799 views

I'm trying to understand the difference in Nmap between putting -Pn or not. I know that, if I'm not mistaken, -Pn skips the ICMP (ping) scan. OK, so I try to scan a random VM and intercept the packets with tcpdump...
felix89 • 21
1 vote
2 answers
2k views

I am using rcdcap to decapsulate ERSPAN on a Linux host. I would like to be able to split ERSPAN session IDs out to different logical capture interfaces. My current ERSPAN session IDs are 10 and 20. ...
verbalicious
1 vote
1 answer
101 views

Thank you for your time. My (virtual) network has 3 objects: a client, a server and a router between them. I'm sniffing the traffic on the 3 machines with the command tcpdump -i any -s 0 -w [path] ...
no631609
0 votes
1 answer
104 views

I am trying to understand TCP behavior, especially retransmission. I did a small experiment and found a curious thing. Only the last packet is retransmitted. Why does this happen? I think if the ...
nimdrak • 125
0 votes
0 answers
229 views

If I execute tcpdump -i wlan0 tcp -d or tcpdump -i eth0 tcp -d I get the same output (000) ldh [12] (001) jeq #0x86dd jt 2 jf 7 (002) ldb [20] (003) jeq #0x6 ...
Maicake • 101
