Questions tagged [tcpdump]

tcpdump is a common packet analyzer that runs under the command line and selects traffic using the BPF (Berkeley Packet Filter) filter language.

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump relies on the underlying libpcap packet capture library.

1045 questions
121 votes, 1 answer

tcpdump: localhost to localhost

I wrote a program that sends TCP packets from localhost to localhost, and I want to use tcpdump to capture the packets. But nothing is captured. My command in Ubuntu: sudo tcpdump What argument shall I add? Thanks!
David
100 votes, 4 answers

Can I use tcpdump to get HTTP requests, response header and response body?

I am using tcpdump to get HTTP data by executing the below command: sudo tcpdump -A -s 1492 dst port 80 The result of the above command: Headers, I think request and response headers. Unreadable data. The url GET…
kimo
84 votes, 3 answers

Monitoring multiple ports in tcpdump

I am trying to find a way to read multiple ports using tcpdump. Suppose I have two ports, p1 and p2, and I want to read the traffic moving through both ports simultaneously. Is there any way to do it using tcpdump or will I have to use some other…
mawia
80 votes, 5 answers

How can I have tcpdump write to file and standard output the appropriate data?

I want to have tcpdump write raw packet data into a file and also display packet analysis into standard output as the packets are captured (by analysis I mean the lines it displays normally when -w is missing). Can anybody please tell me how to do…
user2565010
66 votes, 11 answers

Monitor network activity in Android Phones

I would like to monitor the network traffic of my Android phone. I was thinking of using tcpdump for Android, but I'm not sure if I have to cross-compile it for the phone. Another question is the following: if I want to monitor the traffic data for a certain…
Iker
59 votes, 5 answers

How to schedule tcpdump to run for a specific period of time?

Each time I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with a cron job and I only need it to run for an hour and a half. Without manually running Ctrl+C or the kill command, how can it be stopped…
Gary
54 votes, 1 answer

Saving the displayed/filtered packets in wireshark

I applied a filter in Wireshark to display only the incoming packets to my PC. When I save the filtered/displayed packets to a .csv file, it actually saves all the packets (unfiltered). How can I save only the displayed/filtered packets?
user846400
41 votes, 3 answers

How to capture all the HTTP packets using tcpdump

I want to run tcpdump with some parameters (I still don't know which to use), then load the stackoverflow.com page. The output should be the HTTP communication. Later, I want to use it as a shell script, so whenever I want to check the HTTP communication…
Shiplu Mokaddim
39 votes, 3 answers

Capture incoming traffic in tcpdump

In tcpdump, how can I capture all incoming IP traffic destined to my machine? I don't care about my local traffic. Should I just say: tcpdump ip dst $MyIpAddress and not src net $myIpAddress/$myNetworkBytes ... or am I missing something?
Ricky Robinson
30 votes, 1 answer

How can I use TCPDump on Unix to view messages sent to a specific multicast address?

I'm trying to view traffic transmitted to a specific multicast address on a network in order to analyze a protocol we're using. I don't have Wireshark available on the setup (unfortunately). TCPDump is available though. So, can anyone show me a…
John Humphreys
28 votes, 1 answer

Capture LLDP packets using tcpdump

What is the format to capture LLDP packets on an interface using tcpdump? I tried the following format but it didn't work: tcpdump -w test.pcap -i eth0 lldp -vv
udaya
25 votes, 1 answer

How to filter tcpdump output based on packet length

I have been trying to filter tcpdump output based on packet lengths, but I had no luck. This is the simple output for a command: tcpdump -n -i eth0 dst port 443 -A 17:03:30.866890 IP 192.168.0.149.45104 > 62.75.148.60.443: Flags [S], seq…
Muhammet Can
24 votes, 1 answer

tcpdump - resolve IP and skip resolving ports

How do I tell tcpdump to resolve names and leave the port numbers unresolved? From the man page: -n Don’t convert host addresses to names. This can be used to avoid DNS lookups. -nn Don’t convert protocol and port numbers etc. to names either. setting…
Jakub M.
23 votes, 3 answers

Capture only ssl handshake with tcpdump

I have a server to which many clients connect using SSL. Recently I have been observing SSL handshake errors in the server logs (e.g. SSL MAC error). The error itself is not important, but I want to see why some clients are able to connect while others are…
sadiq.ali
21 votes, 6 answers

How to concatenate two tcpdump files (pcap files)

How can I concatenate two tcpdump files, so that one capture's traffic will appear after the other's in the file? To be concrete, I want to "multiply" one tcpdump file, so that all the sessions will be repeated one after another sequentially a few times.
anon