Questions tagged [packet-analyzer]

42 questions
51 votes, 6 answers

Debugger for Iptables

I'm looking for an easy way to follow a packet through the iptables rules. This is not so much about logging, because I don't want to log all traffic (and I only want to have LOG targets for very few rules). Something like Wireshark for Iptables. Or…
Chris Lercher
23 votes, 4 answers

Change protocol associated with port in wireshark

I'm trying to monitor some web traffic using Wireshark. Our web proxy is on port 9191. How can I get the Wireshark view to treat port 9191 just like port 80, i.e. as HTTP? Just using Decode_As on the menu seems to allow half the conversation but only…
Nick Fortescue
21 votes, 4 answers

Monitor number of bytes transferred to/from IP address on port

Can anyone recommend a Linux command line tool to monitor the number of bytes transferred between the local server and a specified IP address/port? The equivalent tcpdump command would be: tcpdump -s 0 -i any -w mycapture.trc port 80 host…
Mike
18 votes, 2 answers

How can I search the info column in Wireshark?

Wireshark | Windows I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse but it would be nice if I could just run a search or filter for the specific string I'm looking…
Mike B
14 votes, 1 answer

Why is the "don't fragment" flag set in https and ssh protocols?

I've found a lot of information specifying that this is the case, however, I am really looking for the reason behind this. Why is it necessary? Is it necessary?
11 votes, 5 answers

How to list all requests to udp sockets?

I'm operating a couple of server daemons that use UDP to communicate with a large number of clients. How do I find and list out all the active UDP "connections" that are talking to the servers in order to estimate the number of active clients that are…
Flint
11 votes, 10 answers

Is there an easy command line tool for packet sniffing a single command on linux?

I'd love it if there were a single command line tool for packet sniffing a single command in Linux. Something like sniff dumpfile command so that you could just run the command you want to packet sniff in the terminal and get a dump of the packets…
Amandasaurus
5 votes, 5 answers

Is it safe to run Wireshark on a production IIS7 server? Is there a good alternative?

We host a bunch of ASP.NET sites on an IIS7 server. Occasionally, we'd like to be able to log HTTP POST data to troubleshoot problems. IIS lets us log the query string, but not the POST data - at least, we haven't found a way. Do you think it's safe…
Richard Beier
5 votes, 2 answers

Can 3G networks be packet sniffed / analyzed?

Just wondering if 3G networks can be sniffed like public wifi networks, via Wireshark for example (I'm almost sure this is not possible due to encryption, but I just want to make sure?)
foreyez
5 votes, 2 answers

Silently start Wireshark

I have a computer in our office that always gets infected by viruses. Because of this, I would like to use Wireshark (or at least something) to monitor internet traffic for a while on this machine. How can I have it start at boot time and begin…
codewario
5 votes, 2 answers

GUI tool for packet replay

Is there a freeware Windows/Linux GUI packet replay tool that has the advanced features of tcpreplay (http://tcpreplay.synfin.net/) or bittwist (http://bittwist.sourceforge.net)? I'm particularly interested in the following features: Open pcap…
tony19
4 votes, 5 answers

How to detect an iPhone connecting to a network?

I've noticed through watching Wireshark that when an iPhone connects to a wifi network, it sends out a few IGMP/MDNS packets to 224.0.0.251 (LAN broadcast, I think). Is there any easy way to watch for these packets and then either run a script or…
JayCrossler
4 votes, 11 answers

Windows packet sniffer

What packet sniffer would you recommend using, especially in a 50+ workstation environment? I am a fan of Wireshark but it's got quite a bit of security history. Is there something better?
Terry
4 votes, 3 answers

Why use a commercial packet/protocol analyzer vs. Wireshark?

I have never worked in an "enterprise" infrastructure group but have been responsible for small networks. Wireshark (Ethereal back in the day) always worked for me in those situations. Where is the line drawn on when to cross over? Or is it?
squillman
3 votes, 3 answers

Sniff packets which have a source address other than my machine

I tried sniffing network traffic between 2 IP addresses. One is an HTTP server and the other is the client accessing that site. My aim is to sniff POST method form data. How do I do that? When I tried sniffing, only the packets which had a source address…
Abhijeet Rastogi