General :: Tshark Gzipped Traffic Doesn't Decode With -V Switch
Apr 18, 2010
I attempted this afternoon to do something I believe I did in the past using tshark, to no avail.
Code:
sudo tshark -V > dumpfile
That is the code, and from what I recall of times since past when this was done, gzipped packets were subsequently decoded under a section "Uncompressed Entity Body". However, today, nothing was decoded. I can grep the output and see that the gzipped traffic is being identified, but the subsequent decoding of it isn't there.
Might anyone have a solution that I am unaware of? As I said, I am almost certain I have done this in the past. The fact that it doesn't work now is very confusing to me.
If the specifics are of interest, I'm running Ubuntu 9.10, and the traffic I was looking to decode involved the html content of Google search results. Specifically, the gzipped encoding should be able to be processed with tshark to output html with tshark's -V switch.
I want to use the command line join utility on two files. Unfortunately, they're gzipped. Because they're both gzipped, I can't use gzip -cd. Is there a slick way to do this without having to unzip them?
made software which we can get network traffic Report of Switches for Daily, monthly and yearly base, in MRTG we can configure as a switch so we can get particular switch Traffic, but how can we get each port of traffic of a switch in MRTG?
I was wondering if anyone knew how to decode an iTunes video in Linux. So far nothing I have found will but I've heard there are ways to do this. I'm just looking to see if anyone can point me in right direction.
Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).
I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.
Recently I noticed that when I'm connected to a VPN server (pptpd) and I'm using it as a default gateway, my download and upload speed decreases almost to half of the usual speed. I made a test using iptables in order to count how many GRE packets are generated (except the real traffic itself) in this way:
Code:
iptables -I INPUT -p gre -j ACCEPT
iptables -I OUTPUT -p gre -j ACCEPT
iptables -I FORWARD -s 172.16.10.101 -j ACCEPT
iptables -I FORWARD -d 172.16.10.101 -j ACCEPT
The first 2 rules match all GRE packets between the pptpd server and client, and the next rules - the traffic between the server and the client.
When I turn the counters to zero and begin to generate traffic (to browse, to download etc.) I see that the GRE packets are even more than these in the FORWARD chain.
So, my question is first of all is my test correct and is it true that so much GRE traffic is being generated during the browsing (it became clear that the traffic is double than if the pptpd wasn't used as a gateway) and if yes - can that traffic be reduced?
I've used this video conferencing web app on Windows 7 and it works perfectly. [URL] But I'm having flash problems. Flash doesn't load and the light at my webcam doesn't switch on at all. Things to note: Cheese works so I know my webcam in Ubuntu is functional. I've tried purging the flash plugin and reinstalling it. It doesn't work on Chrome and Firefox so it's definitely only a flash problem. I'm not using any medication so I know it isn't me just imagining it. EDIT: I checked out [URL] Here's a screenshot: [URL] I'll check back later, Charlie the Unicorn just rang my doorbell and invited me to tea on the magic hot air balloon. Definitely not hallucinating. Definitely. Definitely.
I'm trying to understand how deb packages work. Are there source debs? I assumed there were, but from [URL].. I see that source is distributed in a GZipped file.
I want to use tshark to save captured data. I want it to save it in a certain directory, every x seconds and 5 files, so every x seconds tshark saves another 5 files.
Ubuntu system monitor applet doesn't show internet traffic although my wireless is working just fine. I use a conky to monitor bandwidth through vnstat and had no problem till I upgraded to maverick.
ifconfig
wlan0 Link encap:Ethernet HWaddr 00:24:d2:c4:3e:da
inet adr:192.168.0.100 Bcast:192.168.0.255 Masque:255.255.255.0
adr inet6: fe80::224:d2ff:fec4:3eda/64 Scope:Lien
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
If I am sniffing with TCPDUMP or tshark, I have an issue. If I specify a host to watch, I get no packets back, but if I don't specify a host, I get all traffic, including the host traffic I was filtering for the first time. ?? IE: If I:
tcpdump -vnnXs 1514 -i bond0
I see all traffic and traffic to x.x.x.x But if I:
tcpdump -vnnXs 1514 -i bond0 host x.x.x.x
I see no traffic.
How to use tshark to know the address of the streams of online tv/satellite channels that are broadcast from online websites that hide the addresses of these streams. I would like to feed these stream addresses directly into mplayer so as to have more control over the playing of them, and to eliminate the drawbacks of the traditional flash player/windows media player web browser plugins.
Linux 2.6, Slackware 12.0. I'd like to decode and write to DVD a movie.
Sources: only one: juan.avi, which I think has no subtitles and to which the following information applies:
general information
video format...:avi
encoder........:x264 (h.264 main)
audio..........:english (ac-3) (5.1 ch)
file size......:1.1gb
source.........:retail dvd
original format:pal
genre..........:drama
movie origin...:united kingdom
movie runtime..:01:51:11
I have a laptop computer running Ubuntu 10.04 LTS. When headphones are inserted into the headphones port, sound continues to come out the internal speakers, and not through the headphones.
This works fine in Windows 7, so the hardware appears to be good. This did work properly when we first installed Ubuntu - it spontaneously stopped working one night, so I'm not sure what we did to make it stop acting normally.
I have run "alsamixer" in the terminal, and toggled every mute and volume bar there is (there are only 4). The laptop is a Toshiba Satellite T135D-S1324.
General information: uname -a: Linux ... 2.6.32-24-generic #43-Ubuntu SMP Thu Sep 16 14:58:24 UTC 2010 x86_64 GNU/Linux
When my computer is going down for hibernation (ram2disk) it saves the session correctly to the disk and the statusbar reaches 100%, but the computer and screen stay on. Maybe some acpi troubles?
It is just that the computer won't switch off so that I have to press the OnButton 3sec. When I start again the session is successfully restored.
I've bought an Avocent SwitchView MM1 KVM switch, and connected my two Ubuntu boxes to it. Toggling the keyboard and mouse between them works only when pressing the buttons on the kvm switch itself, but not when using the hotkey combination ("Scr Lk" x 2, then key 1 or 2). Does anyone know how to debug this?
We have something on our network that is wreaking havoc with our content filter. I am trying to track it down, but so far I have been unsuccessful. We have approximately 500 devices in 100+ different locations spread across 9 states. Looking at each computer is not really feasible.
I need a machine that can sit in between our network and our internet connection and graphically monitor in real time and log how much traffic each device is sending and receiving. It would need to sit inline so it has to have two nics and be able to pass traffic. The machine also needs to be transparent. Reconfiguration of our routers or workstations is not an option.
I have used Ethereal and Wireshark before. Ethereal may be a viable option, but Wireshark seems to provide lots of information, but no practical way to make use of it. How to set up the box to be a transparent device on the network that will allow internet bound traffic to flow (freely)?
My curiosity has been aroused by a local AP that is not transmitting an ESSID. It also is neither transmitting beacon frames nor data. The channel shows a negative one, as does the power. Facts:
1. I know this AP is nearby because, before they hid the ESSID, the power output was fairly high.
2. Airodump-ng shows -1 channel, -1 power, and a hidden ESSID, although the BSSID is visible. Neither the channel nor the encryption scheme are being transmitted.
3. Neither beacons nor data are being sent. I can determine the correct name of the ESSID from the probe field in airodump-ng but that is all.
4. All attempts in aireplay-ng to dissociate the client fail with the message that "No such BSSID" is found!?
5. Kismet, on the other hand, does not even see the AP.
6. Loading the .cap file in Wireshark reveals no information about those packets for which the source, or dest, is the AP.
I need to set up my CentOS computer as a firewall in my home network. I've got 2 interfaces, eth0 and eth1. I want to allow and forward all traffic on eth0 and block all traffic on eth1 except ssh, ping (icmp) and DNS. How do I do this? I've tried some editing in /etc/sysconfig/iptables but no luck.
I keep trying to convert a bunch of jpg files into pdf, but ImageMagick just seems to keep failing there. Well well, after three thousand fix and reinstall attempts (seriously, I've been trying to fix it for the last month or so), this is what I'm getting today:
I am using a Fling KVM switch (by Belkin), to connect 2 computers to my monitor. One computer is running XP and the other is running Linux. My wireless switching mechanism has just gone the way of the saints but Belkin has supplied a software solution for this occurrence. There is a small app called Fling (surprising) that allows me to switch from the XP machine to the Linux machine but nothing to switch back to the XP. What I need to know is: is there a similar app for the Linux computer? (NB I have tried Synergy but have no idea how to set it up - I've been told that Synergy might work).
Not sure exactly when this broke, but for some reason I'm not able to use CTRL-ALT-F1 anymore to fall back to the first virtual console. I can kill X with CTRL-ALT-BACKSPACE just fine, but I'd like to be able to get a normal shell to kill things when I've messed too much with graphical stuff.
So I want to install AMD drivers from the website. I know.. I know.. It's the same old story but I play games and such so I need them...
So I'm using the --buildpkg switch and have tried every Debian/stable, Debian/unstable, Debian/testing etc.. none of them work. I get an error stating a folder is not found.
How do I build packages specific to Debian? In the --listpkg it says Debian is supported but I cannot get the %**^ %#@@$ ATI drivers ever to work right.
I'm running Ubuntu 10.10 32-bit on an Acer Aspire 3050 laptop with an Atheros AR5BMB5 WiFi card.
The problem I'm having is that the hardware switch to turn the WiFi on and off isn't working right. When I hit the switch to turn it off, the light doesn't turn off, and Ubuntu just disconnects from the network and searches for more WiFi networks - it doesn't say that the WiFi has been deactivated, and I don't think it is. When I hit the switch again, it finds my network and connects to it.
The lspci -v | less command gives me the following information for the WiFi:
Code:
08:04.0 Ethernet controller: Atheros Communications Inc. AR2413 802.11bg NIC (rev 01)
Subsystem: AMBIT Microsystem Corp. Device 0418
Flags: bus master, medium devsel, latency 168, IRQ 21
[Code]....
It lists a different model of card, but it's using what I assume is the correct driver, so I don't know if that has anything to do with it. I've checked the card itself and it is an AR5BMB5.
I would like to fix it so the switch actually turns the WiFi off instead of just making it search for more networks (I assume it's not actually turning off), and perhaps make the light turn off as it should as well.
I have made numerous audio CDs with Brasero, but recently I had to make one and midway through the burning process I am given this error: Could not decode stream. Or some variation like that. It ruins the CD and after I get the error I can not eject the disc.
Whenever I try playing media off of my iphone when I plug it in to rhythmbox, it says: Music Player requires a additional plugin to decode this file The following plugin is required: MPEG-4 AAC decoder Do you want to search for this now?
When I click Search, it says: Failed to search for plugin Could not find plugin in any configured software source
When I try to start playing the file, it gives me: Couldn't start playback Problem occurred without error being set. This is a bug in Rhythmbox or GStreamer.