TCPDUMP

How to forward Wireshark processed data to python? in what kind of method?

泄露秘密 Submitted on 2019-12-13 19:53:50
Question: Wireshark is a powerful tool for network traffic analysis. But from my practice, it can only export the processed data (which means, it tells you which part is what, e.g. "data":123456 and so on) to a .pcap file, but I would like to output the 'data' segment of every TCP packet in real time (or 90% real time) to another application such as my python script for further use (maybe via TCP forward? pipe?). I don't know how to get it done exactly. Is anyone willing to help me with this? Thank you~ ps:

IP filter on .cap file

╄→гoц情女王★ Submitted on 2019-12-13 08:26:39
Question: How do I apply a filter to an existing .cap file? So I have a .cap file and want to filter out one particular IP; what is the command for that? I am using Wireshark. Thanks. Answer 1: ip.addr == 127.15.16.13 Sometimes you may need ip.src == ..... or ip.dst == ... After that you may save the filtered packets by selecting File->Save As->Packet Range->Displayed. Source: https://stackoverflow.com/questions/11671742/ip-filter-on-cap-file

Multicast receiver unable to capture the data

断了今生、忘了曾经 Submitted on 2019-12-12 22:33:48
Question: I want to capture network traffic on a specific multicast IP address and port number. For testing purposes, I replay a pcap file over the network on IP 225.1.1.7 and port 3100. I tried to capture using tcpdump with the command below: sudo tcpdump -i eno1 -s0 -vv host 225.1.1.7 and port 3100 and it is working fine. I have the Java program below: class Temp { public static void main(String[] args) throws UnknownHostException, IOException { int port = 3100; String group = "225.1.1.7"; MulticastSocket s =

telnet automation script fails sometimes

一笑奈何 Submitted on 2019-12-12 05:27:46
Question: I am running the following simple telnet script, which just logs into a machine and exits. The same script works fine (goes through 1000 iterations) from one Linux server but fails (consistently) from another Linux server (fails after, say, 200 attempts). In the failure case, the number of iterations it takes to fail varies, but the failure is persistent. #!/usr/bin/perl use Net::Telnet; my $loop = 0; my $dumpfile = "dump.log"; my $inputfile = "input.log"; for ($loop =1; $loop <=1000; $loop++) { print "=

PCAP Ethertype Return

寵の児 Submitted on 2019-12-11 10:25:59
Question: I am attempting to identify the ether type of a packet that I am receiving. The ether type ID is 608 and has no corresponding definition in Ethertype.h (libpcap 1.2.1). The majority of the packets received have an ether type of 8, which again has no corresponding definition in Ethertype.h. Does anyone have any ideas what the cause may be behind this, or should I contact TCPDump with an error report? Answer 1: What is the return value of pcap_datalink() on the pcap_t on which you're capturing? If

Parsing large tcpdump files in python

冷暖自知 Submitted on 2019-12-10 16:49:11
Question: I have a large tcpdump capture (with > 1 GB of data in a .dump file) which I would like to parse to get some statistics like the number of different IPs involved in sending traffic, etc. I would like to know if there is a clean way of accessing such data in the binary trace file through Python. The way I tried doing it is by running tcpdump -r something.dump > myfile.out and then trying to parse myfile.out with Python code to get the data I want. But the command above is taking forever to

How to send big chunk of data in one UDP packet?

百般思念 Submitted on 2019-12-10 11:07:12
Question: Trying to send UDP packets using Netcat: nc -u 127.0.0.1 1234 And using tcpdump to see the actual packets: tcpdump -i any -vv -n udp dst port 1234 In theory the UDP packet size can be about 64K, however when I'm sending a message with a size bigger than 2048, Netcat splits the data and sends it in 2 separate UDP packets. For example, if I send the following long string

What to do right after getting a CentOS system

廉价感情. Submitted on 2019-12-09 23:10:22
After getting the machine, don't configure the environment right away. Do the following first.
Add a user and disable remote root SSH login:
# useradd wangzhibo // first create your own user
# vim /etc/ssh/sshd_config // then disable remote root login
PermitRootLogin no // change the value of PermitRootLogin from yes to no
# systemctl restart sshd // restart the sshd service
Disable SELinux. Check the SELinux status:
# sestatus // check the SELinux status
# getenforce
# /usr/sbin/sestatus -v
Disable SELinux, temporarily: set SELinux to permissive mode
# setenforce 0
Set SELinux to enforcing mode
# setenforce 1
Permanently:
# vi /etc/selinux/config
SELINUX=disabled // change SELINUX=enforcing to SELINUX=disabled; a reboot is required for this to take effect
Check for and update all packages that can be installed via yum and rpm:
# yum update -y
In a production environment, don't use this command; update individual packages as actually needed.
Install the epel-release third-party repository. The stock repositories carry too few RPM packages; installing a third-party repository saves the hassle of downloading software.

Some lessons from using tcpdump

和自甴很熟 Submitted on 2019-12-09 13:34:24
Some lessons from using tcpdump. An error appeared in our service. I had previously mostly used Wireshark, but Linux only has tcpdump, so I used tcpdump. Our user-service is on port 8810, so I entered
sudo tcpdump -vv -i eth1 src port 8810||dst port 8810 tcp
-i is the network interface, src port is the source port, dst port is the destination port. But at this point there was no data, so I added -A:
sudo tcpdump -A -vv -i eth1 src port 8810||dst port 8810 tcp
and data appeared: 12:40:09.764585 IP (tos 0x0, ttl 64, id 61424, offset 0, flags [DF], proto TCP (6), length 148) testvm-102.8810 > 192.168.255.101.52028: Flags [P.], cksum 0x80a4 (incorrect -> 0x5c44), seq 2707:2803, ack 647, win 294, options [nop,nop,TS val 181844277 ecr 2681762457], length 96 E.....@.@..U...f...e"j.<]

ReadLine on TCPDump-Buffer sometimes blocks until kill tcpdump

烈酒焚心 Submitted on 2019-12-09 07:40:28
I have a problem using TCPDump from my Android application. It is supposed to read the output from tcpdump line by line and process it within my application. The problem is: sometimes the code works fine and it reads the captured packets immediately. But sometimes, ReadLine blocks until I kill the tcpdump process from the Linux console (killall tcpdump). After doing that, my loop is processed for each line (sometimes 10, sometimes 1 or 2), which means the readLine should have worked, but didn't. I read about similar problems, but did not find any solution for this problem... THANKS!! public