Questions tagged [tcpdump]

powerful command-line packet analyzer

tcpdump is a powerful command-line packet analyzer that uses libpcap, a portable C library for network traffic capture.

It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, OS X, HP-UX and AIX among others. On those systems tcpdump uses the libpcap library to capture packets; the files it writes with -w and reads with -r are in libpcap's capture format.

Source: [HP] - tcpdump | [Wikipedia] - tcpdump | man tcpdump
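Because the files tcpdump writes with -w are libpcap capture files, a practitioner often ends up reading them outside tcpdump, for example to pull out only the UDP payloads (the "data section") rather than the decoded headers. The following is an added example, not part of the tag wiki and not tcpdump or libpcap code: a minimal Python reader for the classic pcap format (both byte orders, Ethernet link type) that selects UDP datagrams the way a `udp port N` filter would and returns their payloads. The sample capture is constructed inline; its addresses, ports and payloads are made up.

```python
"""Minimal reader for the classic libpcap capture format (the format tcpdump
writes with -w and reads with -r). Added example; not tcpdump/libpcap code."""
import struct
import socket

PCAP_MAGIC_LE = 0xa1b2c3d4  # little-endian, microsecond timestamps
PCAP_MAGIC_BE = 0xd4c3b2a1  # same magic read from a big-endian file
DLT_EN10MB = 1              # Ethernet link type
IPPROTO_UDP = 17


def ip_checksum(hdr):
    """RFC 1071 one's-complement checksum over an even-length IPv4 header."""
    s = 0
    for i in range(0, len(hdr), 2):
        s += (hdr[i] << 8) | hdr[i + 1]
    while s >> 16:
        s = (s & 0xffff) + (s >> 16)
    return (~s) & 0xffff


def build_udp_frame(src_ip, dst_ip, sport, dport, payload):
    """Constructed sample input: Ethernet/IPv4/UDP frame (UDP checksum left 0)."""
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip_no_csum = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0,
                             64, IPPROTO_UDP, 0,
                             socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip_hdr = ip_no_csum[:10] + struct.pack("!H", ip_checksum(ip_no_csum)) + ip_no_csum[12:]
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", 0x0800)
    return eth + ip_hdr + udp


def build_pcap(frames):
    """Wrap frames in a little-endian classic pcap file with an Ethernet link type."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, DLT_EN10MB)]
    for i, frame in enumerate(frames):
        # per-record header: ts_sec, ts_usec, captured length, original length
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def iter_pcap_records(data):
    """Yield (ts_sec, ts_usec, frame_bytes); byte order follows the magic number."""
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (magic %#x)" % magic)
    _, _, _, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != DLT_EN10MB:
        raise ValueError("only Ethernet (DLT_EN10MB) handled, got link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt record at offset %d" % (off - 16))
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def udp_payloads(data, port=None):
    """Return [(src, sport, dst, dport, payload)] for every IPv4/UDP datagram in
    the capture; with port set, match either direction like `udp port N`."""
    out = []
    for _, _, frame in iter_pcap_records(data):
        if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != 0x0800:
            continue                              # not IPv4 or too short
        ip = frame[14:]
        ihl = (ip[0] & 0x0f) * 4
        if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl or ip[9] != IPPROTO_UDP:
            continue
        if ip_checksum(ip[:ihl]) != 0:
            continue                              # corrupt header, skip it
        total_len = struct.unpack("!H", ip[2:4])[0]
        udp = ip[ihl:min(total_len, len(ip))]     # ignore Ethernet padding
        if len(udp) < 8:
            continue
        sport, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
        if ulen < 8 or ulen > len(udp):
            continue                              # UDP length disagrees with bytes captured
        if port is not None and port not in (sport, dport):
            continue
        out.append((socket.inet_ntoa(ip[12:16]), sport,
                    socket.inet_ntoa(ip[16:20]), dport, udp[8:ulen]))
    return out


# Constructed sample capture: three datagrams, two of them on port 1234.
SAMPLE_PCAP = build_pcap([
    build_udp_frame("10.0.0.1", "10.0.0.2", 40000, 1234, b"hello"),
    build_udp_frame("10.0.0.2", "10.0.0.1", 1234, 40000, b"world"),
    build_udp_frame("10.0.0.1", "10.0.0.3", 40001, 53, b"\x12\x34\x01\x00"),
])

if __name__ == "__main__":
    for src, sp, dst, dp, payload in udp_payloads(SAMPLE_PCAP, port=1234):
        print("IP %s.%d > %s.%d: UDP, length %d: %r" % (src, sp, dst, dp, len(payload), payload))
```

To use it on a real file, pass `open("capture.pcap", "rb").read()` to `udp_payloads` instead of `SAMPLE_PCAP`. The header-length, total-length and UDP-length checks matter on real captures: a file produced with a small -s snaplen, or a deliberately malformed packet, can have a UDP length field larger than the bytes actually present, and a parser that trusts the field will slice past the record.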

44 questions
25
votes
4 answers

chkrootkit shows "tcpd" as INFECTED. Is it a false positive?

A scan by chkrootkit shows "tcpd" as being INFECTED, although a scan by rkhunter shows OK (except for the regular false positives). Should I be worried? (I'm on Ubuntu 16.10 with 4.8.0-37-generic)
22
votes
2 answers

tcpdump permissions problem

I'm having trouble running tcpdump. I must run tcpdump as a non-root user. I searched the web for my problem and figured out I should: sudo setcap cap_net_admin=eip /usr/sbin/tcpdump That enabled me to run tcpdump with my user, but then I got: you…
Sivan Sigal
5
votes
3 answers

Executing tcpdump without sudo on Ubuntu 20.04

I want to capture UDP packets sent by an FPGA with ~10 Gbit/s bandwidth. I found that tcpdump combined with a fast SSD is perfectly capable of receiving a continuous 10 Gbit/s stream and storing it on disk without loss. When I run sudo tcpdump,…
Christian Disch
4
votes
3 answers

Display only the data section of the packet

I am trying to display only the data section of a UDP packet using tcpdump. In other words, is there any way to filter out the header section of the UDP packet? The command below sudo tcpdump -Aq -i lo udp port 1234…
3
votes
0 answers

Can tcpdump on Ubuntu 14.04 show packets in real time?

In Ubuntu 12.04 I can use the tcpdump command to see network packets in real time. A typical invocation could look like this: tcpdump -pni eth0 In Ubuntu 14.04 the exact same command no longer displays packets in real time. When I run the command…
kasperd
3
votes
1 answer

Firefox repeated connections to googleusercontent.com. Just in Firefox

Ubuntu 20.04 Firefox 90.0.2 (64-bit) Firefox fresh install without even a default page. tcpdumping the network connection with Firefox in troubleshooting mode with everything disabled I see lots of connections to bc.googleusercontent.com. This…
3
votes
1 answer

Tcpdump stop ungracefully

I am looking for a reliable solution to do packet capture for test automation. Right now, tcpdump has been used with the following command: sudo tcpdump -i ens160 -w filename.pcap -G 60 -W 1 I stop tcpdump with: kill -s SIGINT 1 out of 20…
Krisz
2
votes
0 answers

Requests from external network fail, though initial packets reach server

I have an Ubuntu 16.04.1 LTS server that serves pages just fine to anything on the same network, but fails to respond to requests coming from outside. Packets appear to reach the server OK (so I don't think the router / VM host is to blame). For…
Nova 9
2
votes
0 answers

tcpdump: Display only data section

I'm trying to process some pcap files. My pcaps have a standard tcp handshake for connecting and closing, and one or more interesting packets sent while the connection is open. I need to extract only the data part of the packets so that I can use…
2
votes
2 answers

Is it possible to see tcpdump real source code?

Before the question: my question may have some incorrect content. I am a Linux newbie and a newbie developer. I have a question regarding the Linux tcpdump source code. As I know, tcpdump is implemented using libpcap. How does tcpdump work? My…
박주현
2
votes
1 answer

Analysing tcpdump output

Here with another question :) Not sure if it is a dumb one... I was experimenting with the tcpdump command and want to know how to analyse the logs once captured. For example: 06:47:41.060885 IP > ip-.us-west-2.compute.internal.ssh: Flags [.], ack…
lad
2
votes
1 answer

how to track scan on other servers?

I have an issue with users abusing the server resources and connections. I have a server with access for several users. One of them is performing network scans, abusing the network. I tried using tcpdump but with no luck, as I don't know how to be…
Vitalik Jimbei
2
votes
0 answers

Crontab not running 24 hours

I've the following job in /etc/crontab: @hourly root /usr/bin/script Here is the script: #!/bin/bash killall tcpdump date=$(date +%G%m%d-%k%M) tcpdump -n port 5060 -w /media/SIPTraces/filename-$date.pcap -s 0 & This runs beautifully(ish). However,…
2
votes
1 answer

Spy wake up on lan packages

I have a Windows computer which turns on by magic. For a long time I had no clue why this happens, until I found the command powercfg -lastwake which told me that my NIC woke up the computer. The weird part is that I did not send a WOL packet. So I want…
rekire
2
votes
2 answers

How can I use complex filters by protocol in tcpdump?

I can filter by lots of protocols in wireshark and tshark, like this: sudo tshark -i -Y '(ip.addr == and isakmp)' How can I add the protocol filter in a tcpdump command like this? sudo tcpdump -i any -nn host
Maf