Questions tagged [pcap]

PCAP stands for Packet CAPture.

PCAP is the file format in which libpcap-based tools such as tcpdump and Wireshark store captured network packets (the name is also used for the libpcap capture library itself and for the .pcap file extension).

80 questions
0
votes
1 answer

Mirror traffic to tcpdump server and automatically save pcaps

Looking to port mirror a network firewall interface, connect that interface to a Linux server, and have that Linux server constantly run tcpdump, storing the output in files. Specifically, my requirement is to have pcap files saved over and…
lobi
  • 1,021
  • 2
  • 14
  • 26
0
votes
2 answers

Unable to install pcapsipdump

I'm trying to install pcapsipdump but I get the error below when I try to make. libpcap and libpcap-devel are installed, which I did via "yum install libpcap libpcap-devel". I'm currently stuck on how to debug this further so I'm reaching out.…
jaseUK
  • 173
  • 8
0
votes
1 answer

PCAP filter for first few packets, and packets related to disconnection, TCP-only

I'd like to use tcpdump with a filter for some long-running debugging. Specifically, I only want to capture packets meeting the following conditions: the first 10 packets or so of a new TCP connection (including the handshake); anything odd (retransmissions,…
Brad
  • 1,389
  • 20
  • 43
0
votes
1 answer

PCAP traffic frame length short

I'm trying to generate traffic and capture it using a pcap file. I got the pcap file from the CAIDA (caida.org) site. This pcap file is too big and doesn't have an Ethernet header. So I split the pcap file into small (40 MB) pieces using editcap and attached an Ethernet header…
whitehat
  • 1
  • 1
0
votes
1 answer

MCU packet capture

I am trying to do a packet capture of a video conference hosted with CISCO [Codian] MCU. The instructions for capturing SIP packets with Wireshark are available. I also configured MCU to accept SIP calls. I have installed X-Lite as a SIP client and…
Moshe Shmukler
  • 207
  • 1
  • 8
0
votes
1 answer

PCap filter by IP not filtering out 0.0.0.0

I have my PCap filter set to "dst net 10.36.95.0 mask 255.255.255.0". This works in that it filters out most traffic with a destination outside of the 10.36.95.0/24 subnet, the exception being that it still captures traffic going to 0.0.0.0. Any…
exxodus7
  • 95
  • 1
  • 8
0
votes
1 answer

How to determine client-side or server-side retransmission from a pcap

I am trying to get some clarification on something I read here: how to calculate packet loss from a binary TCPDUMP file The first answer says that the sequence number will be the same from client to server and from server to client the ack would be…
user53029
  • 619
  • 2
  • 14
  • 34
0
votes
2 answers

Why am I not getting an ARP reply with this request?

Using pcap_sendpacket in C, I'm manually sending the following packet on wlan0 (I've left out some fields, but I think they are correct): (Ethernet layer) eth src: eth dest: (ARP request…
Brandon
  • 126
  • 2
  • 7
0
votes
1 answer

Extract nth Packet From a Pcap File

Is there any command line tool to extract the nth packet from a pcap file? I am on CentOS 6.5. Thanks in advance.
Hei
  • 175
  • 1
  • 1
  • 6
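Pulling one frame out of a capture is a small enough job that it is worth seeing the file container itself. The Python below is an added example, not code from the question or its answers: it parses the classic libpcap file format with the standard library only (both byte orders and both the microsecond and nanosecond magic numbers; pcapng is a different format and is rejected) and writes frame n out as a new single-packet file, copying the original global header so the link type and timestamp precision are preserved. The sample capture it is fed is constructed inline from dummy frames.

```python
# Added example (not from the question): read the libpcap container and write
# frame n out as a new single-packet pcap.  Sample input is constructed inline.
import struct

MAGIC_USEC, MAGIC_NSEC = 0xA1B2C3D4, 0xA1B23C4D       # classic pcap magic numbers

def pcap_header(data):
    """Return (struct endian prefix, nanosecond_timestamps?) for the 24-byte global
    header, trying both byte orders; anything else (e.g. pcapng) raises."""
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            return endian, magic == MAGIC_NSEC
    raise ValueError("not a classic pcap file (pcapng uses a different magic)")

def read_pcap(data):
    """Yield (sec, frac, caplen, wirelen, frame) per record, in file order.
    frac is microseconds or nanoseconds depending on the magic number."""
    endian, _ = pcap_header(data)
    off = 24                                           # skip the global header
    while off + 16 <= len(data):                       # 16-byte record header
        sec, frac, caplen, wirelen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("truncated record at offset %d" % (off - 16))
        yield sec, frac, caplen, wirelen, data[off:off + caplen]
        off += caplen

def extract_nth(data, n):
    """New pcap holding only frame n (1-based, as tshark and editcap number frames).
    The global header is copied verbatim so link type and precision survive.
    Returns None when the file has fewer than n frames."""
    endian, _ = pcap_header(data)
    for i, (sec, frac, caplen, wirelen, frame) in enumerate(read_pcap(data), 1):
        if i == n:
            return data[:24] + struct.pack(endian + "IIII", sec, frac, caplen, wirelen) + frame
    return None

def build_sample_pcap(frames, nanosecond=False, endian="<"):
    """Constructed sample: version 2.4, link type 1 (Ethernet), snaplen 65535,
    frame i stamped at i seconds.  Frame contents are whatever the caller passes."""
    magic = MAGIC_NSEC if nanosecond else MAGIC_USEC
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames, 1):
        out += struct.pack(endian + "IIII", i, 0, len(frame), len(frame)) + frame
    return out
```

With the Wireshark tools installed the same thing is `editcap -r in.pcap out.pcap N`, where `-r` keeps only the listed frame numbers instead of dropping them; the reader above is for the case where you want to do it in a script without those tools, or need to know exactly which bytes editcap is copying.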
0
votes
2 answers

How do I set Security Onion/Snort to not capture certain packets?

After looking through my pcaps from Security Onion I'd like to filter out a host (let's call it 192.168.4.4) and filter out some traffic (ports 80 & 443); the current project is to look at other traffic not web related. Running tcpdump/windump I can do…
tkrabec
  • 300
  • 1
  • 6
0
votes
1 answer

tshark/pcap and web-server response time

How can I get the response time difference between a GET and the HTTP/1.0 200 OK (I mean the latency of the web server) using tshark and shell, or something else, for each hostname from a pcap file? What can you recommend for doing that?
0
votes
1 answer

TCP retransmission and TCP session reconstruction

I'm trying to write a program that reconstructs TCP sessions. I have a pcap file which has packets. The problem is I don't know which packets I should use to construct sessions when there is a retransmission.…
varstas
  • 103
  • 1
0
votes
2 answers

Inconsistencies with Linux tc filter u32 matching on packet data payload - can someone explain?

I would just like some heads up on this as I really don't understand -why- this is the case. Further down is the TCPDUMP output (tcpdump -s0 -XXnni eth0 tcp port 80) of the 'HTTP' response a webserver gives when a normal GET request is made to it.…
parkamark
  • 1,118
  • 6
  • 11
0
votes
2 answers

Identifying VoIP Users

I'm looking for a way to identify as many consumer VoIP users on my ISP network as possible using packet analysis. My setup is like this: On my core switch, all traffic going in and out of gigabit1 is SPAN'd to gigabit2, where I have a linux server…
Cory J
  • 1,528
  • 4
  • 19
  • 28
0
votes
0 answers

What is the fastest way to isolate when VLAN tagging is enabled when it should not be?

I have run into this issue several times over the years: a Linux server is not configured for VLAN tagging. It is connected to a switch that has 802.1Q VLAN tagging on traffic going into the server. The result is basically one-way comms where…
Liam Kelly
  • 115
  • 4
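The quickest tell in a capture taken on the affected server is the direction of the tags: frames arriving at the server's MAC (or broadcast) carry an 802.1Q header, while everything the server itself sends is untagged. The Python below is an added example, not part of the question: it walks raw Ethernet frames, follows stacked 802.1ad/802.1Q tags down to the real ethertype, and splits the counts by direction given the server's MAC address, which the caller is assumed to know. All frames and MAC addresses are constructed sample data.

```python
# Added example (not from the question): detect frames that reach an interface
# tagged while the interface's own frames leave untagged.  Sample frames below are
# constructed; SERVER and SWITCH are made-up locally administered MAC addresses.
import struct

ETH_8021Q, ETH_8021AD, ETH_ARP, ETH_IPV4 = 0x8100, 0x88A8, 0x0806, 0x0800
SERVER, SWITCH, BCAST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002"), b"\xff" * 6

def vlan_tags(frame):
    """VLAN IDs on a frame, outermost first ([] if untagged), plus the inner ethertype.
    Stacked tags (QinQ: 0x88A8 outer, 0x8100 inner) are followed until the payload."""
    if len(frame) < 14:
        return [], None
    tags, off = [], 12
    ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    while ethertype in (ETH_8021Q, ETH_8021AD) and off + 6 <= len(frame):
        tci = struct.unpack("!H", frame[off + 2:off + 4])[0]
        tags.append(tci & 0x0FFF)                    # bits 0-11 VID, bit 12 DEI, 13-15 PCP
        off += 4
        ethertype = struct.unpack("!H", frame[off:off + 2])[0]
    return tags, ethertype

def diagnose(frames, server_mac):
    """Count tagged/untagged frames to and from the server.  Inbound tagged with
    outbound untagged is the signature of a trunk port feeding a plain interface."""
    counts = {"in_tagged": 0, "in_untagged": 0, "out_tagged": 0, "out_untagged": 0}
    vids = set()
    for f in frames:
        tags, _ = vlan_tags(f)
        if f[6:12] == server_mac:
            way = "out"
        elif f[:6] in (server_mac, BCAST):           # unicast to us or broadcast
            way = "in"
        else:
            continue                                 # third-party traffic on a SPAN
        vids.update(tags)
        counts[way + ("_tagged" if tags else "_untagged")] += 1
    if counts["in_tagged"] and not counts["out_tagged"]:
        verdict = ("inbound frames carry VLAN tags %s but the server sends untagged: "
                   "the switch port is trunking into an untagged interface" % sorted(vids))
    else:
        verdict = "no tagging mismatch"
    return counts, verdict

def _eth(dst, src, ethertype, payload=b"", vlan=None):
    """Constructed frame; vlan=None untagged, int for 802.1Q, (outer, inner) for QinQ."""
    if isinstance(vlan, tuple):
        tag = struct.pack("!HHHH", ETH_8021AD, vlan[0], ETH_8021Q, vlan[1])
    elif vlan is not None:
        tag = struct.pack("!HH", ETH_8021Q, vlan)    # PCP 0, DEI 0, VID = vlan
    else:
        tag = b""
    return dst + src + tag + struct.pack("!H", ethertype) + payload

def build_sample_frames():
    """The symptom from the question: everything reaching the server arrives on
    VLAN 10 (one of them double-tagged), everything it sends is untagged."""
    ip_stub = b"\x45" + b"\x00" * 19
    return [_eth(BCAST, SWITCH, ETH_ARP, b"\x00" * 28, vlan=10),
            _eth(SERVER, SWITCH, ETH_IPV4, ip_stub, vlan=10),
            _eth(SERVER, SWITCH, ETH_IPV4, ip_stub, vlan=(100, 10)),
            _eth(BCAST, SERVER, ETH_ARP, b"\x00" * 28),
            _eth(SWITCH, SERVER, ETH_IPV4, ip_stub)]
```

On a live box the equivalent one-liner is `tcpdump -e -nn -i eth0 vlan`, since `-e` prints the link-layer header including the `vlan N` field and the `vlan` primitive matches only tagged frames; if that shows traffic arriving tagged and `ip link` shows no VLAN sub-interface on the server, the port is the problem. One caveat: when the NIC strips tags in hardware, whether the capture still shows them depends on the kernel and libpcap version reinserting them, so a tag that is present is strong evidence while a tag that is absent is weaker.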