Questions tagged [packet-capture]

Packet capture is the act of capturing data packets crossing a computer network. It can be either deep packet capture (headers and payload) or partial packet capture (headers only).

Packet capture is the act of capturing data packets crossing a computer network. Deep packet capture (DPC) is the act of capturing, at full network speed, complete network packets (header and payload) crossing a network with a high traffic rate. Once captured and stored, either in short-term memory or in long-term storage, software tools can perform deep packet inspection (DPI) to review network packet data, perform forensic analysis to uncover the root cause of network problems, identify security threats, and ensure that data communications and network usage comply with stated policy. Some DPC systems can be coupled with DPI and can as a result manage, inspect, and analyze all network traffic in real time at wire speed while keeping a historical archive of all network traffic for further analysis.

Partial packet capture records headers without recording the full content of datagrams. This reduces storage requirements and avoids legal problems, while still retaining enough data to reveal the essential information required for problem diagnosis.

Source: Wikipedia.

169 questions
1 vote, 0 answers

Can I capture full TCP packet content with haproxy without knowing the length of the packet?

I know I can capture a 6-byte-length packet using this config: global log /dev/log local0 debug log /dev/log local1 notice chroot /var/lib/haproxy stats socket /run/haproxy/admin.sock mode 660 level admin…

1 vote, 1 answer

Packet captures saved in .bin file format

Does anyone know of a tool to open a packet capture saved as a .bin file? That, or how to convert it to pcap or something Wireshark can open. I took a packet capture from a thin client and when I download it, it's a .bin file type. I have not been able…
asked by veel84

1 vote, 0 answers

Netsh trace vs PEF trace cmdlets vs NetEvent cmdlets

I am playing with capturing my network traffic and came across two different MS command-line tools that allow doing this: the well-known netsh tool, recently equipped with a powerful capture switch; and a brand-new PEF Framework that is shipped together with…

1 vote, 2 answers

Block DNS query using pfctl

I am trying to create a rule to allow DNS queries (port 53) only to the 8.8.8.8 server (Google DNS). DNS queries to all other servers should not succeed. I added the following lines to the /etc/pf.conf file: anchor "com.xyz" load anchor "com.xyz" from…
asked by sam

1 vote, 1 answer

Possible to dump sFlow data to pcap format?

I want to get a packet capture from a Fortinet/FortiGate device, capturing all traffic from it on one of its interfaces. For this I have enabled sFlow and sent it to another ntopng server, but on ntopng, I am able to see the sFlow data, but is there…
asked by Farhan

1 vote, 1 answer

How to capture network packets that use the SS7 protocol using Wireshark?

Since the SS7 protocol stack is used in GSM mobile telephony networks, we can't get the packets of SS7 protocols using Wireshark on a Windows computer while browsing in a web browser like Google Chrome. So how can one get packets which have SS7 protocol in…

1 vote, 1 answer

Figuring out the most efficient use of an IP range

I am working with Packet Tracer at the moment and have 3 subnet plans assigned: management (104 users), staff (43 users), admin (35 users). I have an IP address range of 38.191.0.0 and a subnet mask of 255.255.255.0. I want to produce that subnet plan but with…
asked by JGuerra

1 vote, 1 answer

Is there a quick way to determine what applications are present within a Wireshark capture? If so, how?

As most captures contain over 10 thousand lines, I can't expect people to check by hand which ports have been utilised and the applications…

1 vote, 1 answer

UDP broadcast on port 25860

I used Wireshark on my local network (to test it), and I noticed that there are a lot of UDP packets sent on broadcast, and the majority is coming from only one host. These UDP packets are sent on broadcast on port 25860. Seeing all these…
asked by Sidahmed

1 vote, 2 answers

How to log all inbound connections on Windows server

I need to log a summary of all inbound TCP connections on a Windows 2008 R2 server, but only including the Source IP, Source Port, Destination IP and Destination Port. I do not want to log the payload and I do not want to include outbound connections…
asked by Zek

1 vote, 1 answer

CentOS doesn't reply to ICMP request

I have the following situation: CentOS 7, 2 NICs with the following setup: em2 (NIC2): 82.79.24.74/29, 82.79.24.75/29; em3 (NIC3): 192.168.0.240/24, 192.168.133.240/24. NIC1 and NIC4 are not used. The em2 IPs are…

1 vote, 0 answers

Redirect default gateway traffic in Linux to file

I am trying to troubleshoot one of my Linux servers (Ubuntu Server). Therefore I want to intercept all traffic that is sent to the default gateway and then write it to a file, preferably some kind of pcap format that is readable by tcpdump and/or…

1 vote, 2 answers

Wireshark seems to ignore my filters

I'm trying to make use of Wireshark 1.10.6 for Windows and I want to only capture the traffic to port 443 (to diagnose some weird HTTPS problems I'm having). So I open Capture -> Capture Filters... and in there I delete all filters and then add one…
asked by sharptooth

1 vote, 2 answers

Can I capture ISP SNMP information with Wireshark?

I am trying to do some heavy digging into SNMP, BPI+, and ISP networks. Since Wireshark can be used to capture network data, would I be able to use it to remotely capture my ISP's SNMP agent information and view information being sent through it? Would…
asked by user1632018

1 vote, 1 answer

"tshark: There are no interfaces on which a capture can be done" in Amazon Linux AMI

My goal is to capture packets with tshark in Amazon Linux AMI. When typing tshark on the command line there's an error: "tshark: There are no interfaces on which a capture can be done". How do I implement the solution from Wireshark setup Linux for…
asked by rok