General :: Tcpdump Filtering Remote Interface?
Jan 28, 2011
I'm trying to capture traffic between two machines, A and B. I would like to make sure that the traffic I capture with tcpdump is between eth1 on the local machine and eth0 on the remote machine. As I understand it, the -i flag specifies the local machine interface - but how to set the remote one?
Aug 13, 2011
I want to capture all packets from site "www.examplesite.com", so I checked its IP address in an IP address lookup and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However, I then realised that multiple IP addresses point to www.examplesite.com; for example, say the following IPs also go to it:
987.654.321.000
111.222.333.444
So is there a filter that will automatically capture all traffic going to www.examplesite.com, or do I have to go and manually find all its IP addresses and pass them all to the filter?
Mar 30, 2011
I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.
There is an IP configured on eth1.
eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.
The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.
If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.
Jan 7, 2011
I can't seem to get sshd to bind on a remote interface. When I attempt to connect, I get an instant "unable to connect to host."
Code:
$ cat sshd_config
# Package generated configuration file
# See the sshd_config(5) manpage for details
# What ports, IPs and protocols we listen for
[Code]...
Jun 16, 2010
I want to set up a home computer as a server. I've installed Ubuntu Server Edition 10.04, and can access it through SSH. However, I would like to have a browser-based interface for managing things, such as installing a phpBB forum and stuff like that. Also, I want my friends to be able to share files on my home server as well. I know I can do it by using FTP, but I would rather not have them install an FTP program.
Dec 21, 2010
I just built up an Acer Revo 3600 HTPC using Ubuntu. Right now I'm using a wireless keyboard and mouse but I'd like to get a remote control to interface with XBMC. There seem to be many remotes that work under windows but I am having a hard time finding a remote that works with Ubuntu. What are people using to control their Ubuntu-based HTPCs these days?
Apr 14, 2011
How to get manual of tcpdump?
Jul 14, 2010
I am trying to analyze the output of tcpdump, but I am unable to figure out what the output is, as I think that the security of my computer would be compromised by this output.
Dec 10, 2009
When I send any packet to any destination and want to see the MAC address of source and destination, I am using the command tcpdump -qec1, but rather than getting the MAC address of source and destination, each time I am getting the MAC address of the system which is broadcasting. Will anybody tell me how I can get the source and destination MAC address even if any other packet is also being broadcast to my network?
Mar 11, 2010
Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).
I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.
Feb 10, 2011
How do I filter the daemons list for just 1 letter and then turn off certain run levels for that daemon?
Apr 27, 2010
What is the syntax to capture packets from multiple hosts through tcpdump?
Code:
tcpdump ip host host1|host2|host3|host3
Aug 13, 2010
Is there some way to filter the output of a command by an OR condition in Linux? There is filtering by an AND condition with grep in a way like:
Code:
ls -l | grep "^a" | grep "z$"
That says: list all files that begin with "a" AND end with "z" (there is a shorter way to write this: grep "^a.*z$", but it does not matter). Is there some way to perform a test by an OR condition? For example: files that start exactly with "xen" OR files that end exactly with ".rpm". But exactly, not something like:
Code:
grep "[xen]{0,3}.*[.rpm]{0,4}"
Aug 24, 2010
How can I filter out information about Unix domain sockets from netstat output without grep? Is there some option for the command (I did not find it in the man page of netstat)?
Jan 6, 2011
I'm using Fedora9. I cannot start wireshark or tcpdump because of the lib dependency error:
Code:
[root@localhost ~]# wireshark
wireshark: error while loading shared libraries: libpcap.so.0.9: cannot open shared object file: No such file or directory
I updated libpcap before, and the latest version is libpcap.so.1.1. I changed the version because of another application, but I cannot remember when I did it, perhaps on Sep. 11?
Code:
[root@localhost lib]# ll |grep libpcap
-rw-r--r-- 1 root root 309670 2010-09-11 08:10 libpcap.a
lrwxrwxrwx 1 root root 12 2010-09-11 08:10 libpcap.so -> libpcap.so.1
lrwxrwxrwx 1 root root 14 2010-09-11 08:10 libpcap.so.1 -> libpcap.so.1.1
-rwxr-xr-x 1 root root 243207 2010-09-11 08:10 libpcap.so.1.1
So I tried
Code:
ln -s libpcap.so.1.1 libpcap.so.0.9
but it doesn't work.
Oct 21, 2010
Trying to use tcpdump -r TEST, and I get permission denied, even though I am logged in as root or superuser. Tried using "chmod a+rw TEST" (any other file for that matter; yes, it came from another source) and get permission denied.
Apr 11, 2011
I am using Windows 7 on my laptop and Linux is installed in VirtualBox, but my problem is that the screen shows small in VirtualBox. Is there any way to enlarge the screen to show like the Windows screen? I did it before by using the VGA setting, but it caused me a problem: I was not able to use the GUI interface, I mean the graphics interface; it was just showing me a command prompt.
Feb 18, 2011
I've been using an old Fortigate-60 at home for the kids for some time but now the license is expired again. Are there any free or inexpensive alternatives? I'd like something I can run on a linux firewall and share against multiple users, with different profiles. In the past I ran squid and I whitelisted sites each kid was allowed to use but this becomes tedious as the kids get older and need access to more. I'd love something that could check a website rating or category list, let the user through for certain categories, and block bad or unrated sites. I don't really need virus checking or email scanning or the like.
May 20, 2011
Are there any firewalls for Linux that will allow one to block certain ports for a specific application while allowing other programs to use the same port, or block Internet access altogether for specific applications?
Everything based on IPTables apparently can only block ports globally for all applications. SELinux is the only thing I've found so far that might have application-level Internet blocking capability, but it serves a broader array of security purposes and seems too complex for this task.
I don't need interactive popups like with Windows personal firewalls. I'm OK with having to edit a config file. This is for personal desktop Linux use, not a server.
Jun 21, 2011
I would like to know the command lines for:
- detecting the wifi in my house without being connected to it
- getting the IPs/MAC addresses of the people connected to the wifi
May 27, 2010
I have created custom rules following: Edit > Message Filters > Incoming Filter > (custom filter); none work. Also, by right-clicking a message and choosing Create Rule From Message > filter based on subject, sender, and recipients, accepting all default (auto-populated) conditions. None of the filters work at all? Seems this is a popular problem that has not found a solution except to use Thunderbird, not including Thunderbird. When I select a message that is supposed to be filtered to a specific folder and go to Message > Apply Filters, the message goes to the assigned folder, but I want it to skip the inbox altogether.
Mar 22, 2010
I have some big log files that contain errors printed by an app. They are most of the time relevant; however, most of them are similar. So I figured I could check what happened between a time interval with a find.
I'm using this one:
Code:
And I get an output similar to this one.
Code:
Is there a way to condense the output lines to get only one or two, indicating the first and last occurrence of a block? Or do I need to create a program to do so?
Because right now I get thousands of similar lines, but when I'm scrolling through them I sometimes miss relevant information that I would otherwise have noted if it wasn't all that spammy.
Mar 1, 2011
I am running slackware-current and I have tcpdump-4.1.1-i486-1.txz installed. If I remember right, libpcap used to be part of tcpdump, but since recently I cannot find it in my system anymore! Tools like nmap give me the error message:
"error while loading shared libraries: libpcap.so.1: cannot open shared object file: No such file or directory"
Dec 7, 2010
I am trying to create a dump log using tcpdump. I want to display the top 10 IP addresses, sorted numerically, showing how many times the IPs are hitting the server. I'm getting frustrated because it's not working how I'd like it to.
Feb 15, 2010
I have configured an NFS server on CentOS 5.2 with an IBM Web Server (AIX). The IBM Web Server can upload all data onto the NFS server. Now, today I was having slow response on the IBM Web Server, and by measuring the NFS, I found the below error while running the "tcpdump" command. I ran the "tcpdump" command on the NFS server.
tcpdump -n -i eth1 | grep 2049
18:36:37.237451 IP 10.100.19.241.2049 > 10.100.19.88.1758143293: reply ok 1448 read [|nfs]
18:36:37.237476 IP 10.100.19.241.2049 > 10.100.19.88.539981409: reply ERR 1448
18:36:37.237481 IP 10.100.19.241.2049 > 10.100.19.88.796287348: reply ERR 1448
18:36:37.237488 IP 10.100.19.241.2049 > 10.100.19.88.1986098295: reply ERR 1448
18:36:37.237566 IP 10.100.19.241.2049 > 10.100.19.88.539762736: reply ERR 1448 .....
18:36:37.238263 IP 10.100.19.241.2049 > 10.100.19.88.1869440302: reply ERR 1448
16133 packets captured
23339 packets received by filter
7100 packets dropped by kernel
10.100.18.241 is the IP of the NFS server, and the 10.100.19.88 IP belongs to the IBM Web Server.
Feb 16, 2011
Is there a way to do multiple interfaces in tcpdump? I have found that when using "-i any", not all packets are captured (compared to "-i eth0" on a machine with only one interface). I need to monitor traffic on some machines with as many as 6 interfaces, and get these packets that "-i any" misses. When I give the "-i" option multiple times, it seems to only use the last one.
Oct 18, 2010
I'm trying to capture packets to a file with the -w option, but the file is empty; yet if I use the '-w -' option to put data on stdout, I see plenty of captured packets. I'm using CentOS 5.5 x86.
Code:
[root@server ~]# tcpdump -v -i eth0 -w dump -s0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
[code]....
Nov 8, 2010
When attempting to run a tcpdump in the background (IPSO) with the following command:
I get the message:
However, the command runs fine without the '&' at the end of the line. Are there syntax restrictions in using the '&' flag?
Sep 2, 2010
I looked and have tcpdump installed on Ubuntu 10.04 LTS. I can do a tcpdump --help and it gives the commands. I get "no device found" when I do tcpdump from the terminal window. My Ubuntu is having trouble looking up domains; it just sits there and hangs looking up google.com. I'm on an ATT 3mb DSL dry line running an Asus netbook and a Biostar VIA mobo desktop; they both have trouble looking up domains right out of the DSL modem. I would try to set the DNS in Ubuntu, but I don't know how to do that without knowing the gateway and such. I have to get the IP of the computer, the netmask, the gateway, and the DNS for the manual setup.
Feb 14, 2010
I just had an ATT Uverse RG installed. However, my Smoothwall router that previously worked fine with the ADSL SpeedStream is no longer accepting a DHCP IP address assignment from this new gateway (3800HGV-B). Any thoughts, ideas or experience working with this hardware? ATT only supports Windows and Mac.