General :: Get Manual Of Tcpdump?
Apr 14, 2011
How to get manual of tcpdump?
I am trying to analyze the output of tcpdump, but I am unable to figure out what the output is, as I think the security of my computer would be compromised by this output.
I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?
When I send any packet to any destination and want to see the MAC address of source and destination I am using the command tcpdump -qec1, but rather than getting the MAC address of source and destination, each time I am getting the MAC address of the system which is broadcasting. Will anybody tell me how I can get the source and destination MAC address even if any other packet is also being broadcast to my network?
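An added example, not part of the original post or any reply: with -e tcpdump prints the Ethernet header as "src-MAC > dst-MAC, ethertype ..." in front of each packet, and a -c1 capture simply shows whichever frame arrives first, which on a busy segment is usually somebody's broadcast. The script below assumes that -e output format on an Ethernet interface (the sample lines are constructed, not captured). It lists the source and destination MAC of every unicast frame, and shows the equivalent kernel-side filter "not ether broadcast and not ether multicast" so a live capture never receives the broadcast frames at all.

```shell
#!/bin/sh
# Added example, not from the original post.  Lists source/destination MAC
# pairs from "tcpdump -e" output, dropping frames sent to the broadcast or a
# multicast address so other hosts' ARP/mDNS chatter does not hide the
# unicast exchange you are looking for.  SAMPLE is constructed, not captured.

SAMPLE='12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: 10.0.0.5 > 10.0.0.9: ICMP echo request, id 1, seq 1, length 64
12:00:00.000002 66:77:88:99:aa:bb > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 98: 10.0.0.9 > 10.0.0.5: ICMP echo reply, id 1, seq 1, length 64
12:00:00.000003 aa:bb:cc:dd:ee:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.0.1 tell 10.0.0.200, length 46
12:00:00.000004 00:11:22:33:44:55 > 01:00:5e:00:00:fb, ethertype IPv4 (0x0800), length 80: 10.0.0.5.5353 > 224.0.0.251.5353: UDP, length 38'

# mac_pairs: read "tcpdump -e" lines on stdin, print "srcmac dstmac" for every
# unicast frame.  Field 2 is the source MAC, field 3 is ">", field 4 is the
# destination MAC with a trailing comma.  A destination is broadcast or
# multicast when the low-order bit of its first octet is set, i.e. when the
# second hex digit of the address is odd.
mac_pairs() {
    awk '
        $3 == ">" {
            src = $2
            dst = $4
            sub(/,$/, "", dst)
            if (index("13579bdf", substr(tolower(dst), 2, 1)) > 0) next
            print src, dst
        }'
}

# unicast_capture IFACE: the live equivalent, pushing the exclusion into the
# BPF filter so the kernel never hands broadcast/multicast frames to tcpdump.
# Needs root (or CAP_NET_RAW); IFACE is a placeholder.
unicast_capture() {
    tcpdump -e -n -i "$1" 'not ether broadcast and not ether multicast'
}

printf '%s\n' "$SAMPLE" | mac_pairs
```

Run as a script it prints the two unicast pairs from the sample (the ARP broadcast and the mDNS multicast frame are skipped); for a live view, call unicast_capture with the interface name.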
Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).
I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.
What is the syntax to capture packets from multiple hosts through tcpdump?
Code:
tcpdump ip host host1|host2|host3|host3
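Added example for this post and for the earlier question about capturing between two machines; it is not code from the original posts. tcpdump's filter language has no "|" operator: alternatives are joined with "or", both directions between two hosts are "host A and host B", and because "and" binds tighter than "or", a host list combined with another condition must be parenthesised. As for the remote side of a capture, -i only chooses the local interface; the far machine's interface cannot be named in a filter, only its address ("host B") or its MAC ("ether host"). Interface and host names in the usage lines are placeholders.

```shell
#!/bin/sh
# Added example, not from the original posts.  Builds tcpdump filter
# expressions for "any of these hosts" and "between these two hosts" and
# shows why parentheses are needed when a host list is combined with
# another condition.

# any_host_filter HOST...: "host h1 or host h2 or host h3"
any_host_filter() {
    e=""
    for h in "$@"; do
        if [ -z "$e" ]; then e="host $h"; else e="$e or host $h"; fi
    done
    printf '%s\n' "$e"
}

# between_filter A B: traffic in either direction between exactly two hosts
between_filter() {
    printf 'host %s and host %s\n' "$1" "$2"
}

# and_filter EXPR COND: wrap EXPR in parentheses before adding COND.
# Without them "host a or host b and port 22" means
# "host a or (host b and port 22)": all of a's traffic, but only b's SSH.
and_filter() {
    printf '(%s) and %s\n' "$1" "$2"
}

# capture_hosts IFACE COND HOST...: live capture of COND traffic involving
# any of HOST... (needs root or CAP_NET_RAW; IFACE is a placeholder).
capture_hosts() {
    iface=$1; cond=$2; shift 2
    tcpdump -n -i "$iface" "$(and_filter "$(any_host_filter "$@")" "$cond")"
}

any_host_filter host1 host2 host3
and_filter "$(any_host_filter 10.0.0.1 10.0.0.2)" "tcp port 22"
between_filter 192.168.1.32 192.168.1.127
```

The three calls at the bottom print "host host1 or host host2 or host host3", "(host 10.0.0.1 or host 10.0.0.2) and tcp port 22" and "host 192.168.1.32 and host 192.168.1.127"; any of those strings can be pasted directly as the expression argument of tcpdump.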
I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.
There is an IP configured on eth1.
eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.
The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.
If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.
I'm using Fedora 9. I cannot start wireshark or tcpdump because of the lib dependency error:
Code:
[root@localhost ~]# wireshark
wireshark: error while loading shared libraries: libpcap.so.0.9: cannot open shared object file: No such file or directory
I updated libpcap before and the latest version is libpcap.so.1.1. I changed the version because of another application but I cannot remember when I did it, perhaps on Sep.11?
Code:
[root@localhost lib]# ll |grep libpcap
-rw-r--r-- 1 root root 309670 2010-09-11 08:10 libpcap.a
lrwxrwxrwx 1 root root 12 2010-09-11 08:10 libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 14 2010-09-11 08:10 libpcap.so.1 -> libpcap.so.1.1
-rwxr-xr-x 1 root root 243207 2010-09-11 08:10 libpcap.so.1.1
So I tried
Code:
ln -s libpcap.so.1.1 libpcap.so.0.9
but it doesn't work.
Trying to use tcpdump -r TEST, and get permission denied, even though I am logged in as root or super user. Tried using "chmod a+rw TEST" (any other file for that matter; yes, it came from another source) and get permission denied.
I would like to know the command lines for:
-detecting the wifi in my house without being connected to it
-getting ips/macaddress from the people connected to the wifi
My predecessor wrote a perl file that is run manually twice a month to send a set of emailed reports to one of our clients. My boss has requested that I look into automating this; it seemed simple enough, and I thought I had it set up, but I'm running into a rather strange problem.
Both the emailing program (in perl) and the report files themselves are kept on a Novell server reached from our Linux box via /mnt/srv/path/to/file/. From the linux box, I can see and manipulate them fine. The files are displayed as having 755 permissions across the board. The Linux box itself is running SuSE 9.3.
A manual run of the emailing program works fine; the files are sent out as expected. However, when I tried to set up a crontab entry for this, I'm running into trouble. I manually edited /etc/crontab to include a line setting the program to run at '0 21 * * 1,2,3,4,5'. The program itself runs fine, but errors out every time it tries to attach a file; the error message is one that various perl sites indicate means 'could not read the path to this file'.
What's the difference between a cron run and a manual run? What are some possible reasons the former fails and the latter works?
I have the binaries perl-5.10.1-3.tar.bz2 and I don't have access (admin privileges) to run setup.exe for Cygwin. My question is: how can I install the module for perl, perl-5.10.1-3.tar.bz2, manually inside Cygwin? (Or maybe I can get the sources and compile? Can someone tell me please how?)
I'm starting in the forum, so pardon me if I commit a mistake.
I'm looking for a conceptual book or manual about SAMBA.
I installed RHEL 6 Beta 2 on ESX box and found that network is to be manually started through ifup command.
/etc/exports
Code:
/home/bludiescript/tv-shows 192.168.1.127(ro) 192.168.1.38(ro)
/home/bludiescript/shares 192.168.1.127(rw) 192.168.1.38(rw)
portmap
[code].....
I've been trying to set up an NFS share across my network. I have 3 boxes: one Mac, which uses Samba to share to the 2 Sabayon Linux boxes, which does work. However, the 2 Linux boxes can't share with each other or the Mac. I have tried different variants of the exports file such as 192.168.0.0/8, 192.168.1.0/24, *, sasquatcheian etc... After any change I execute etc/init.d/nfs and exportfs -ra; I have rebooted both computers several times. I set up reserved IPs on my router's LAN setup page for each computer. 192.168.1.32 is my server, 192.168.1.127 is my client along with 192.168.1.38, the Mac. I disabled the firewall on the server and the client has no firewall.
How do we create and link a manual / man page to the man command? To illustrate my point, kindly consider the following:
Code:
-bash-2.05b# ls
case.sh scriptPid.sh
-bash-2.05b# man case.sh
No manual entry for case.sh
-bash-2.05b#
As you can see, I have two scripts. I want to display a manual / man page for the scripts. How to achieve it? For the time being I have done this:
Code:
-bash-2.05b# sh case.sh --help
No help document is available at this time.
-bash-2.05b#
That is writing related information in the script itself.
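One way to give a script a real man page without root, as an added example rather than anything from the original post: man(1) pages are troff files named NAME.SECTION kept under manN/ directories, and a page written to a private directory can be viewed with "man -l FILE" or found through MANPATH. Script name, section and text are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post.  Writes a minimal troff man page
# for a script and installs it under a directory that man(1) can be pointed
# at without root.  Name, section, directory and description are placeholders.

# write_manpage NAME SECTION DIR DESCRIPTION
#   creates DIR/man<SECTION>/NAME.<SECTION> and prints its path.
#   .TH sets the page header (NAME, section, date, source, manual title),
#   .SH starts a section, .B is bold, .TP a tagged paragraph for an option,
#   and \- is the troff escape for a literal hyphen.
write_manpage() {
    name=$1; sec=$2; dir=$3; desc=$4
    mkdir -p "$dir/man$sec"
    page="$dir/man$sec/$name.$sec"
    cat >"$page" <<EOF
.TH $(printf '%s' "$name" | tr '[:lower:]' '[:upper:]') $sec "$(date +%Y-%m-%d)" "local scripts" "User Commands"
.SH NAME
$name \- $desc
.SH SYNOPSIS
.B $name
[\fB\-\-help\fR]
.SH DESCRIPTION
Describe what the script does here.
.SH OPTIONS
.TP
.B \-\-help
Print usage and exit.
EOF
    printf '%s\n' "$page"
}

# Example run: page for case.sh in ~/man, then three ways to read it.
page=$(write_manpage case.sh 1 "$HOME/man" "demonstrate case statements")
echo "wrote $page"
echo "view with:  man -l $page"
echo "       or:  man -M $HOME/man case.sh"
echo "       or:  export MANPATH=\"\$HOME/man:\$(manpath)\"; man case.sh"
```

Adding "$HOME/man" to MANPATH in the shell profile makes "man case.sh" work permanently for that user; putting the same file under /usr/local/share/man/man1/ (root required) makes it system-wide.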
From where can I download Openswan for my RHEL 5? Please, if possible, give me an installation and configuration manual.
What would be a good book/manual to read to learn more about Linux operating systems, and how to use them? I have to add I may not have such a good internet connection; I might end up with free dial-up (bummer), so I'm not sure if a link will do. I will end up at the library anyway. So if you could suggest something, that would be good; I'm not really looking for the history but more like how to use it, maybe the terminal and such.
I just found out that jobs -l and man jobs produce no output in my terminal. How could I fix that? How could I install the jobs command and its manual on my Ubuntu 10.10?
I have PC/OS Linux 2009 installed and I recently got the following message while trying to boot up my system:
*checking root file system...fsck 1.41.4 (27-Jan-2009) dev/sda1 contains a file system with errors, check forced. /dev/sda1:Inodes that were part of a corrupted orphan linked list found. /dev/sda1:Unexpected inconsistency;run fsck manually. (i.e., without -a or -p options) fsck died with exit status 4
*An automatic file system check (fsck) of the root filesystem failed. A manual fsck must be performed, then the system restarted. The fsck should be performed in maintenance mode with the root filesystem mounted in read-only mode.
*The root filesystem is currently mounted in read-only mode. A maintenance shell will now be started. After performing system maintenance press Control-D to terminate the maintenance shell and restart the system.
Give root password for maintenance:
The problem is, when I enter my password I get an incorrect password prompt. How can I change my password so that a manual fsck can start? Why did this message error message appear in the first place?
I am running slackware-current and I have tcpdump-4.1.1-i486-1.txz installed. If I remember right libpcap used to be part of tcpdump, but since recently I cannot find it in my system anymore! Tools like nmap give me the error message:
"error while loading shared libraries: libpcap.so.1: cannot open shared object file: No such file or directory"
I am trying to create a dump log using tcpdump. I want to display the top 10 IP addresses sorted numerically, showing how many times the IPs are hitting the server. I'm getting frustrated because it's not working how I'd like it to.
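A worked version of the ranking this post asks for, added here and not the original poster's script. It assumes the log was made with -n (addresses left unresolved, so the third field is "ip.port" or a bare "ip") and counts IPv4 source addresses only; the sample log lines are constructed, not from a real server.

```shell
#!/bin/sh
# Added example, not from the original post: rank the busiest source IPs in
# tcpdump output.  Assumes "tcpdump -n" format, where field 2 is the
# protocol and field 3 the source as "ip.port" (TCP/UDP) or "ip" (ICMP).
# SAMPLE_LOG is constructed, not a real capture.

SAMPLE_LOG='12:00:00.000001 IP 10.0.0.5.51234 > 192.168.1.32.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 10.0.0.5.51235 > 192.168.1.32.80: Flags [S], seq 2, win 64240, length 0
12:00:00.000003 IP 10.0.0.7.40000 > 192.168.1.32.22: Flags [S], seq 3, win 64240, length 0
12:00:00.000004 IP 10.0.0.5.51236 > 192.168.1.32.80: Flags [S], seq 4, win 64240, length 0
12:00:00.000005 IP6 fe80::1.546 > ff02::1:2.547: dhcp6 solicit
12:00:00.000006 IP 10.0.0.9 > 192.168.1.32: ICMP echo request, id 1, seq 1, length 64
12:00:00.000007 IP 10.0.0.7.40001 > 192.168.1.32.22: Flags [S], seq 5, win 64240, length 0
12:00:00.000008 ARP, Request who-has 192.168.1.1 tell 10.0.0.5, length 28'

# top_sources N: read tcpdump -n output on stdin, print "count ip" for the N
# busiest IPv4 sources, highest count first (ties broken by address).
# A dotted quad has 4 components; with a port appended it has 5, so the
# port is stripped only in that case.  IP6 and ARP lines are skipped.
top_sources() {
    awk '
        $2 == "IP" {
            n = split($3, p, ".")
            if (n == 5)      ip = p[1] "." p[2] "." p[3] "." p[4]
            else if (n == 4) ip = $3
            else next
            count[ip]++
        }
        END { for (ip in count) print count[ip], ip }
    ' | sort -k1,1nr -k2,2 | head -n "$1"
}

# top_sources_from_pcap FILE N: same ranking for a file written with -w,
# replayed with -r so no live interface or root is needed.
top_sources_from_pcap() {
    tcpdump -n -r "$1" 2>/dev/null | top_sources "$2"
}

printf '%s\n' "$SAMPLE_LOG" | top_sources 10
```

On the sample this prints "3 10.0.0.5", "2 10.0.0.7", "1 10.0.0.9". For a live server, "tcpdump -n -i eth0 -w hits.pcap" during the window of interest followed by "top_sources_from_pcap hits.pcap 10" gives the same table without parsing a scrolling terminal; add a filter such as "dst port 80" to the capture to count only the service you care about.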
I have configured an NFS server on CentOS 5.2 with an IBM Web Server (AIX). The IBM Web Server can upload all data onto the NFS server. Now, today I was having slow response on the IBM Web Server and, by measuring the NFS, I found the below error while running the "tcpdump" command. I ran "tcpdump" on the NFS server.
Code:
tcpdump -n -i eth1 | grep 2049
18:36:37.237451 IP 10.100.19.241.2049 > 10.100.19.88.1758143293: reply ok 1448 read [|nfs]
18:36:37.237476 IP 10.100.19.241.2049 > 10.100.19.88.539981409: reply ERR 1448
18:36:37.237481 IP 10.100.19.241.2049 > 10.100.19.88.796287348: reply ERR 1448
18:36:37.237488 IP 10.100.19.241.2049 > 10.100.19.88.1986098295: reply ERR 1448
18:36:37.237566 IP 10.100.19.241.2049 > 10.100.19.88.539762736: reply ERR 1448 .....
18:36:37.238263 IP 10.100.19.241.2049 > 10.100.19.88.1869440302: reply ERR 1448
16133 packets captured
23339 packets received by filter
7100 packets dropped by kernel
10.100.18.241 is the IP of NFS Server & 10.100.19.88 IP belongs to IBM Web Server.
Is there a way to do multiple interfaces in tcpdump? I have found that when using "-i any", not all packets are captured (compared to "-i eth0" on a machine with only one interface). I need to monitor traffic on some machines with as many as 6 interfaces, and get these packets that "-i any" misses. When I give the "-i" option multiple times, it seems to only use the last one.
I'm trying to capture packets to a file with the -w option but the file is empty, yet if I use the '-w -' option to put data on stdout I see plenty of captured packets. I'm using CentOS 5.5 x86.
Code:
[root@server ~]# tcpdump -v -i eth0 -w dump -s0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
[code]....
When attempting to run a tcpdump in the background (IPSO) with the following command:
I get the message:
However, the command runs fine without the '&' at the end of the line. Are there syntax restrictions in using the '&' flag?
I looked and have tcpdump installed on Ubuntu 10.04 LTS. I can do a tcpdump --help and it gives the commands. I get "no device found" when I do tcpdump from the terminal window. My Ubuntu is having trouble looking up domains; it just sits there and hangs looking up google.com. I'm on an ATT 3mb DSL dry line running an Asus netbook and a Biostar VIA mobo desktop; they both have trouble looking up domains right out of the DSL modem. I would try to set the DNS in Ubuntu but I don't know how to do that without knowing the gateway and such. I have to get the IP of the computer, the netmask, the gateway, and the DNS for the manual setup.
I was wondering how one could set up tcpdump to run in the background, dumping all output to a file until I terminate the process. Here is the dilemma... I SSH into the box that will be listening (using tcpdump)...
ssh> sudo tcpdump -i eth0 > dump_file
yadda yadda...
then if I exit my ssh session, tcpdump closes.
If I do a...
ssh> sudo tcpdump -i eth0 > dump_file &
[1] 12938
yadda yadda.
I am trying to install libpcap and tcpdump, but it fails even though I have already installed Flex, as the terminal tells me to do. What else could I do?
Code:
configure: error: Your operating system's lex is insufficient to compile libpcap. Flex is a lex replacement that has many advantages, including being able to compile libpcap. For more information, see [URL].
I need to start a tcpdump, and then download a file by FTP. I can't understand any way of achieving this in the tcpdump man file.