General :: Tcpdump Decode Gzip Packets?
Mar 11, 2010
Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).
I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.
Apr 27, 2010
What is the syntax to capture packets from multiple hosts through tcpdump?
tcpdump ip host host1|host2|host3|host3
Mar 30, 2011
I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.
There is an IP configured on eth1.
eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.
The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.
If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.
Nov 21, 2010
I am trying to dump some packets using tcpdump and it does not seem to be working.
System is fedora12
TCPDUMP v4.1
Libpcap v1.0
I even rolled my own,
TCPDUMP v4.1.1
libpcap v1.1.1
Aug 13, 2011
I want to capture all packets from site "www.examplesite.com" so I checked its IP address in an IP address lookup and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However, I then realised that multiple IP addresses point to www.examplesite.com, for example say the following IPs also go to it:
987.654.321.000
111.222.333.444
So is there a filter that will automatically capture all traffic going to www.examplesite.com or do I have to go and manually find all its IP addresses and pass them all to the filter?
Nov 23, 2010
If I am sniffing with TCPDUMP or tshark, I have an issue. If I specify a host to watch, I get no packets back, but if I don't specify a host, I get all traffic, including the host traffic I was filtering for the first time. ??
IE: If I:
tcpdump -vnnXs 1514 -i bond0
I see all traffic and traffic to x.x.x.x
But if I:
tcpdump -vnnXs 1514 -i bond0 host x.x.x.x
I see no traffic.
Aug 30, 2010
I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do.
Apr 4, 2011
I was wondering if anyone knew how to decode an iTunes video in Linux. So far nothing I have found will, but I've heard there are ways to do this. I'm just looking to see if anyone can point me in the right direction.
Apr 18, 2010
I attempted this afternoon to do something I believe I did in the past using tshark, to no avail.
Code:
sudo tshark -V > dumpfile
That is the code, and from what I recall of times since past when this was done, gzipped packets were subsequently decoded under a section "Uncompressed Entity Body". However, today, nothing was decoded. I can grep the output and see that the gzipped traffic is being identified, but the subsequent decoding of it isn't there.
Might anyone have a solution that I am unaware of? As I said, I am almost certain I have done this in the past. The fact that it doesn't work now is very confusing to me.
If the specifics are of interest, I'm running Ubuntu 9.10, and the traffic I was looking to decode involved the html content of Google search results. Specifically, the gzipped encoding should be able to be processed with tshark to output html with tshark's -V switch.
Apr 12, 2011
Given a gzip compressed file, how do I know what compression level (1-9) was used for it?
Apr 5, 2010
I want to be able to write a shell script for downloading files (only *.tar extension) from multiple folders (the sub folder's names may vary) in a FTP site and be able to untar them and then gzip them and then move them to the real folder.
Feb 8, 2010
I have a Linux server running Oracle applications. I need to access this server from PuTTY using ssh through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.
I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN?
Mar 29, 2011
I have 100 files: cvd1.txt cvd2.txt ... cvd100.txt
How to gzip 100 files into one .gz file so that after I gunzip it, I should have cvd1.txt, cvd2.txt ... cvd100.txt separately?
Feb 21, 2011
I have an existing zipped file and I want to use the gzip command to append some files to it. I tried man gzip but can't find the keyword "append". Can you advise how I can do it?
Apr 14, 2011
How to get manual of tcpdump?
Jul 14, 2010
I am trying to analyze the output of tcpdump, but I am unable to figure out what the output is, as I think that the security of my computer would be compromised by this output.
Jun 4, 2011
I have a script which periodically backs up a directory using the command "tar -czvf [name] [directory]" but my problem is that the script has recently been putting a lot of stress on the server (Minecraft SMP) and tends to lag players as it backs up, which recently has been taking nearly 5 minutes. So I need to know if there's a way to control the GZip compression rate at the same time that it archives and backs up the files? I understand that I can first tar the files and then GZip them separately with a different compression rate afterwards, but this would not work because it names the files with the current server time, which sometimes changes in between commands.
Feb 18, 2010
I have a backup script basically is this
Code:
BACKUP_DIRS="/etc /boot /root /home"
BACKUP_FOLDER="/tmp/system_backup/"
for DIR in ${BACKUP_DIRS}
do
[code]....
All the folders get dumped into separate gzip files. Now I want all the gzip files in the backup folder in one final gzip or bzip2 file. My goal for this is to get one file instead of multiple so I can scp or ftp the one file to another file share, which would be easier than sending a bunch of files.
Apr 7, 2010
I need to find the TCSH shell and gzip version number by running a script on several boxes through ssh. How can I do that? I made a script for tcsh but it is not working by ssh, it only works on my box. I don't know from where to find the gzip version info.
Jan 28, 2011
I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?
Dec 10, 2009
When I send any packet to any destination and want to see the MAC address of source and destination, I am using the command tcpdump -qec1, but rather than getting the MAC address of source and destination, each time I am getting the MAC address of the system which is broadcasting. Will anybody tell me how I can get the source and destination MAC address even if any other packet is also being broadcast to my network?
Oct 23, 2010
I am trying to upload an IOS in the Cisco NAC Appliance. The IOS version has to be updated as 4.8. I am getting the below error when I tried.
File is not in gzip format
Child return status 1
Error exit delayed from previous errors.
I am using the below command to unzip the IOS file.
tar xzvf ccca_upgrade-4.8.0-from-4.6.x.tar.gz
Jan 18, 2010
have a gzip file
ABC_000023232.gzip
BCD_023232032.gzip
I want to split these files into smaller files but keep the extension same because I am using this as a variable in a script
Code:
for i in `ls *.gzip`
split -b 500K $i $i
[code]...
Jan 6, 2011
I'm using Fedora9. I cannot start wireshark or tcpdump because of the lib dependency error:
Code:
[root@localhost ~]# wireshark
wireshark: error while loading shared libraries: libpcap.so.0.9: cannot open shared object file: No such file or directory
I updated libpcap before and the latest version is libpcap.so.1.1. I changed the version because of another application but I cannot remember when I did it, perhaps on Sep.11?
Code:
[root@localhost lib]# ll |grep libpcap
-rw-r--r-- 1 root root 309670 2010-09-11 08:10 libpcap.a
lrwxrwxrwx 1 root root 12 2010-09-11 08:10 libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 14 2010-09-11 08:10 libpcap.so.1 -> libpcap.so.1.1
-rwxr-xr-x 1 root root 243207 2010-09-11 08:10 libpcap.so.1.1
So I tried
Code:
ln -s libpcap.so.1.1 libpcap.so.0.9
but it doesn't work.
Oct 21, 2010
Trying to use tcpdump -r TEST, and get permission denied, even though I am logged in as root or super user. Tried using the "chmod a+rw TEST" (any other file for that matter, yes it came from another source) and get permission denied.
May 31, 2009
Linux 2.6, Slackware 12.0. I'd like to decode and write to DVD a movie.
Sources: only one: juan.avi, which I think has no subtitles and to which the following information applies:
general information
video format...:avi
encoder........:x264 (h.264 main)
audio..........:english (ac-3) (5.1 ch)
file size......:1.1gb
source.........:retail dvd
original format:pal
genre..........:drama
movie origin...:united kingdom
movie runtime..:01:51:11
Target: DVD+R removable disk.
Jun 21, 2011
I would like to know the command lines for;
-detecting the wifi in my house without being connected to it
-getting ips/macaddress from the people connected to the wifi
Jun 22, 2011
I sometimes get confused by the varying command line options I need to run common Unix archiving and compression software (e.g. gzip, bzip2, zip, tar).
Is there a program out there that can just Do What I Mean for common cases? For example:
Sep 1, 2011
Running BT5, aircrack-ng v. 1.1, Alfa AWUS036NH.
My curiosity has been aroused by a local AP that is not transmitting an ESSID. It also is neither transmitting beacon frames nor data.
The channel shows a negative one, as does the power. Facts:
1. I know this AP is nearby because, before they hid the ESSID, the power output was fairly high.
2. Airodump-ng shows -1 channel, -1 power, and a hidden ESSID, although the BSSID is visible. Neither the channel nor the encryption scheme are being transmitted.
3. Neither beacons nor data are being sent. I can determine the correct name of the ESSID from the probe field in airodump-ng but that is all.
4. All attempts in aireplay-ng to dissociate the client fail with the message that "No such BSSID" is found!?
5. Kismet, on the other hand, does not even see the AP.
6. Loading the .cap file in Wireshark reveals no information about those packets for which the source, or dest, is the AP.
Nov 9, 2010
I keep trying to convert a bunch of jpg files into pdf, but ImageMagick just seems to keep failing there. Well well, after three thousand fix and reinstall attempts (seriously, I've been trying to fix it for the last month or so), this is what I'm getting today:
[Code]...