TCPDUMP

Capture only ssl handshake with tcpdump

牧云@^-^@ submitted on 2019-12-09 05:43:54
Question: I have a server to which many clients connect using SSL. Recently I'm observing SSL handshake errors in the server logs (e.g. SSL MAC error). The error itself is not important, but I want to see why some clients are able to connect while others are failing, and I also need to identify which clients are failing. For debugging this issue, I want to capture all SSL handshakes happening at the server, and since I don't know when the problematic clients connect, I don't want to capture all the traffic till

Parsing pcap taken from wireshark file using - Java

浪子不回头ぞ submitted on 2019-12-09 05:29:44
Question: I am working on converting a PCAP file taken from Wireshark using Java, without using native or ready-made libraries. I converted the bytes to a string directly just to check the meaningful parts of it. Then I tried to convert it from hexadecimal to a string. It was not meaningful. There is a Java library, jNetPcap, which wraps all the native libpcap calls written in C. The following picture was captured on the wireless network, so the pcap contains the same information: Source ip,

Reading tcpdump header length command

六眼飞鱼酱① submitted on 2019-12-08 12:25:20
Question: This is my first post and I absolutely <3 this site! So much great content! So, I have the following tcpdump command and I want to understand what it is asking (in plain English). tcpdump 'tcp[12] & 80 !=0' Is it asking to grab all TCP packets where byte offset 12 (TCP header length and reserved bits) has a value of at least 80, which is true? I believe I am wrong. If the above is true, can someone write out the possible binaries for it? 80 gives 0101 0000. My mentor also wrote down: 1111 0000 and 0111

How do you Identify the interface of a packet while listening to network traffic on all devices?

≯℡__Kan透↙ submitted on 2019-12-08 10:54:43
I am writing a Python program that needs to listen to traffic on all networking devices and identify packets based on their incoming interface. To listen on all interfaces I started my capture without specifying a device, but I am unable to determine the interface of a particular packet. How is this done? Matt Ball: I assume that the MAC address is sufficient information for you. The first 6 octets of a packet are the destination MAC address, which is immediately followed by the 6 octets of the source MAC address. Source: https://stackoverflow.com/questions/5845719/how-do-you-identify-the-interface

Installing Cutter on Redhat

风格不统一 submitted on 2019-12-08 08:03:51
Question: I am trying to install cutter. I got the source code from their site and compiled it. When I run cutter I get an error: openning /proc/net/ip_conntrack: No such file or directory I tried to run the command sudo modprobe ip_conntrack but I still get the same error. Please help! Thanks. Answer 1: Which Redhat version are you using? The module isn't called ip_conntrack but nf_conntrack_ipv4. Try sudo modprobe nf_conntrack_ipv4 and then install cutter. Source: https://stackoverflow.com

Find MAC Addresses of devices in range of Wifi router

China☆狼群 submitted on 2019-12-08 07:54:01
Question: I'm currently working on a Raspberry Pi project that would require the wifi dongle (Realtek RTL8188CUS) to obtain the MAC addresses of nearby devices that have not connected to it. I had originally thought of doing this through tcpdump, but those logs only seem to display the info of devices connected to the wifi network. So what I'm trying to figure out is: how to receive a log or list of MAC addresses that are within range of the network but are not connected to it. Answer 1: I guess you need the wifi

Installing Cutter on Redhat

浪子不回头ぞ submitted on 2019-12-06 16:04:53
I am trying to install cutter. I got the source code from their site and compiled it. When I run cutter I get an error: openning /proc/net/ip_conntrack: No such file or directory I tried to run the command sudo modprobe ip_conntrack but I still get the same error. Please help! Thanks. Which Redhat version are you using? The module isn't called ip_conntrack but nf_conntrack_ipv4. Try sudo modprobe nf_conntrack_ipv4 and then install cutter. Source: https://stackoverflow.com/questions/11581814/installing-cutter-on-redhat

Process dies, if it is run via paramiko ssh session and with “&” in the end

让人想犯罪 __ submitted on 2019-12-06 15:53:57
Question: I just want to run tcpdump in the background using paramiko. Here is the relevant part of the code: ssh = paramiko.SSHClient() ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy()) ssh.connect(host, username=login, password=password) transport = ssh.get_transport() channel = transport.open_session() channel.get_pty() channel.set_combine_stderr(True) cmd = "(nohup tcpdump -i eth1 port 443 -w /tmp/dump20150317183305940107.pcap) &" channel.exec_command(cmd) status = channel.recv_exit_status() After I

Extract unique IPs from live tcpdump capture

大城市里の小女人 submitted on 2019-12-06 14:32:29
Question: I am using the following command to output IPs from a live tcpdump capture: sudo tcpdump -nn -q ip -l | awk '{print $3; fflush(stdout)}' >> ips.txt I get the following output: 192.168.0.100.50771 192.168.0.100.50770 192.168.0.100.50759 I need 2 things: Extract only the IPs, not the ports. Generate a file with unique IPs, no duplicates, and sorted if possible. Thank you in advance. Answer 1: To extract unique IPs from tcpdump you can use: awk '{ ip = gensub(/([0-9]+.[0-9]+.[0-9]+.[0-9]+).*/,"\\1","g",$3);

TCP packets merged at network level

六眼飞鱼酱① submitted on 2019-12-06 06:31:42
Question: Does anybody know how and why a counterparty would receive TCP packets merged instead of as individual packets? I already set TCP NoDelay to true at the socket level, but tcpdump still sees some packets as merged. After 4 successful packets sent with a size of 310 bytes, I got 3 x 1400 bytes instead of 15 x 310 bytes. This is causing some important latency. Thanks. http://www.2shared.com/photo/_bN9UEqR/tcpdump2.html s = new Socket(host, port); s.setTcpNoDelay(true); s.getOutputStream().write