Networking :: Using Multiple Interfaces For Tcpdump?
Feb 16, 2011
Is there a way to do multiple interfaces in tcpdump? I have found that when using "-i any", not all packets are captured (compared to "-i eth0" on a machine with only one interface). I need to monitor traffic on some machines with as many as 6 interfaces, and get these packets that "-i any" misses. When I give the "-i" option multiple times, it seems to only use the last one.
Mar 11, 2010
I would like a basic firewall on my netbook and first attempted this by using Firestarter, as I have no experience in writing iptables rules from first principles and, to be honest, the syntax looks horrific! The problem with Firestarter is that when I selected WLAN0 to be the internet-connected port, everything worked fine until I connected to a VPN, at which point nothing would work (the only error I got was when pinging an IP address, when I got "sendmsg not permitted"). My normal setup is this: normally I'm connected via WLAN0 to the internet, but on one particular network I must activate the VPN to use anything; this creates another interface, tun0. Both wlan0 and tun0 will be assigned an IP address, but only tun0 will do anything (the wlan0 one is configured by the network to just allow traffic to the VPN gateway and nothing else). What I really need is some way of creating a basic firewall (drop all incoming except ports I specify) that lives on wlan0 unless tun0 is active, in which case it moves to tun0.
Apr 30, 2009
What traffic goes where? Why? Any bandwidth advantage? What if one goes down?
Jul 6, 2010
I have the following setup: Client A, having 2 network interfaces, eth0 and eth1, both with the IP address 192.168.1.1/32. Client B, also having 2 network interfaces, eth0 and eth1, with the IP addresses 192.168.1.2. The routing table on client A has one entry: 192.168.1.2 dev eth0. The routing table on client B has one entry: 192.168.1.2 dev eth1. Basically the idea is to send the upload traffic on one interface and the download traffic on the other interface. (Client B could serve as a gateway.) However, with this setup, well... nothing works. The packets received by Client B are ignored. Does the Linux kernel have anything against routing packets coming from an interface, although he thinks the source is on another interface?
Apr 1, 2010
I have 4 interfaces, dvb0_0 - dvb0_3. Each one has a multicast stream coming in on it. The program I am using to decode these streams only accepts one interface though. How can I "combine" so that the program, listening on 1 ip can get all 4 streams? they are on groups 224.0.1.1-4
Jul 9, 2010
I am trying to run some benchmark tests for multicast. What I want to do is have one system send multicast packets and another receive them on all its interfaces (eth0-eth3). Whenever I run the receiver on more than one interface I get an echo effect (if I receive on x interfaces then I get the same packet x number of times). Is this how it is supposed to behave? It does not make any difference whether I use loop-back or not. I have set SO_REUSEADDR to yes. I run a separate instance of the receiver on each interface. I am doing this on RHEL5 systems.
# uname -r
2.6.18-164.20.1.el5
Jan 7, 2011
I have got a problem in the configuration of the network for my Linux box. The distribution is Slackware 12.2 with the 2.6.27.7-smp kernel. There are three ethernet NIC, one on the motherboard with Atheros AR8121/AR8113 chip and two on PCI card which with RealTek 8169.
I installed the module for Atheros which is the atl1e.ko and I defined the configuration for the three NICs in /etc/rc.d/rc.inet1.conf.
When I hit the command ifconfig I see all the three interfaces eth0, eth1, and eth2, but the addresses are not distributed between the NICs as I'd like, so I thought to resolve the inconvenience with udev, but I don't know how to proceed because there is a strange situation.
If I control the file /etc/udev/rules.d/70-persistent-net.rules I see a strange situation: once the file contains only a line for the Atheros NIC, but if I reboot the system there are the two lines for the two RealTek NICs, and every time the system is rebooted there is a change between these two alternatives. A detail I noted is that the two modules atl1e and r8169 are both always loaded, so udev always has the chance to detect the hardware, but for some reason that I don't know something goes wrong. Another related problem that bothers me is the absence of udevinfo and udevtest. Have I perhaps to reinstall udev?
May 6, 2010
I have 4 Ethernet interfaces. I need dynamic IP addresses for 2 interfaces. Can anybody help me with how I can achieve that?
Apr 7, 2011
I have a problem where multiple interfaces in my network manager have the same name. This means that I am unable to have different settings for each interface. Here is my setup:
Ubuntu 10.04 LTS
uname -a: Linux muon 2.6.32-30-generic #59-Ubuntu SMP Tue Mar 1 21:30:21 UTC 2011 i686 GNU/Linux
Adapter 1: 02:00.0 Ethernet controller: Intel Corporation 82573E Gigabit Ethernet Controller (Copper) (rev 03)
Adapter 2: HTC Desire tethered via USB. When I start from scratch, with no remembered networks in the network manager, the Ethernet is shown as "Auto Ethernet". When I then connect the HTC Desire, the new network is shown in the network manager also as "Auto Ethernet". Previously, when I right clicked on the network manager and selected "Edit Connections", there were multiple "Auto Ethernet" entries under the wired tab.
Now (and I do not know what changed, sorry), I only see one entry. When I edit this entry (say, add a route), then the route is added for both network interfaces. This used to still work, so I was not worried about the name clash, but now it is causing problems so I need to have a different name for each network interface.
May 15, 2009
if I want to do eth1, eth1:0, eth1:1 etc and automatically configure them at startup where do I put that in the network-scripts?
Oct 15, 2010
configure a server with two network interfaces? This system is physically moved from one network to another every few days (different buildings but connected by a VPN). I'd like to be able to control the IP address of the system depending on which port I plug the network cable into with a static setting. Right now the system will connect to the local network, but any requests to go beyond the subnet get lost. The only way I can get the system to talk outside of its subnet is to comment out the second interface.
/etc/network/interfaces:
auto lo
iface lo inet loopback
auto eth0
[code]....
Mar 6, 2011
I have a built-in gigabit Ethernet card which is connected to a router. The router's IP address is 192.168.2.1. My IP is 192.168.2.161 (eth0). I also have a Nokia N900 connected via USB and its IP is 192.168.1.1. It serves as a second router and on that interface (usb0) my IP is 192.168.1.2. The N900 is also connected to a wireless network. The router of that network has the IP 10.0.0.1 and the N900's IP is 10.0.0.50 (wlan0). My problem is that I want to reach a server at 10.0.0.7 from my computer. Is there a way I can do that?
Feb 26, 2011
I have two network interfaces and their entries are shown as eth0 and eth1... I want to assign them static IPs which I do by
ifconfig eth0 192.168.9.245 netmask 255.255.0.0 up
ifconfig eth1 192.168.8.245 netmask 255.255.0.0 up
But I am not sure if it will ping both the interfaces if I issue a command
ping -I eth0 192.168.9.113 (machine in network)
ping -I eth1 192.168.9.113 (machine in network)
I am getting pings from eth0 but not from eth1
Oct 26, 2010
I'm trying to connect one computer to two others in an ad-hoc infrastructure.
[computer 1] ---- [computer 2] ---- [computer 3]
computer 2 is running Linux and has a single NIC wlan0. I want to it to connect to both computer 1 and computer 3 so each computer can talk to the other. No switch is available so it needs to be an ad-hoc setup.
[Code]...
Apr 27, 2010
What is the syntax to capture packets from multiple hosts through tcpdump?
tcpdump ip host host1|host2|host3|host3
Jan 7, 2010
I have a weird issue that I have not seen on any forum. My jaunty on DELL studio laptop seems connected to net, but I can not access any network service (ssh, firefox etc.). But when I connect a cable the cable lights blink as it should be and in wireless connection my wifi light blinks.
It was working 2 days ago without problem, and I have not done big changes recently. I removed and reinstalled network-manager and network-manager-gnome. Nothing changed. I see a message in each restart as follows (when Openafs is starting). I can reproduce it with "/etc/init.d/openafs-client restart"
Code:
ADVISEADDR:error in specifying interfaces: no existing ip interfaces found
#lspci
Code:
04:00.0 Network controller: Intel Corporation Wireless WiFi Link 5100
08:00.0 Ethernet controller: Broadcom Corporation NetLink BCM5784M Gigabit Ethernet PCIe (rev 10)
#lshw -c network
[code].....
Jan 25, 2010
I have 3 interfaces for different LANs, and when I start one interface the other interfaces go down. How is that possible? I configure my ethernets as:
Code:
/sbin/ifconfig eth0 172.16.3.108 netmask 255.255.0.0 broadcast 172.0.255.255
/sbin/ifconfig eth1 172.16.3.109 netmask 255.255.0.0 broadcast 172.0.255.255
/sbin/ifconfig eth2 172.16.3.1110 netmask 255.255.0.0 broadcast 172.0.255.255
Apr 16, 2010
If I try to add a new interface (eth1) to /etc/network/interfaces, I get
Code:
* Reconfiguring network interfaces... SIOCSIFADDR: No such device
eth1: ERROR while getting interface flags: No such device
SIOCSIFNETMASK: No such device
[Code]...
How do I add 2 interfaces and get anyone of them to work, as available ?
May 30, 2010
At present, I have:
a Netgear router with DHCP off at 192.168.0.1
my computer
eth0 at 192.168.0.2
wlan0 at 192.168.0.2
The wlan0 interface always connects to the router, while the eth0 interface connects to other computers with crossover and acts as a dnsmasq DHCP server for network boot and installation.
If I use the Gnome NetworkManager to enable both connections, that is, with wlan0 connected to the router/internet and eth0 to another computer, both as 192.168.0.2, I cannot access the internet while eth0 is connected.
Why is this? How can I configure my computer to follow wlan0 for Internet usage, but use eth0 for itself (the latter is working but blocking wlan0).
Mar 29, 2010
I have a rather urgent problem with my network, I got two virtual network interfaces one internal and one external. The problem is; I can't get connection to internet. The external NIC is set as a NAT and the internal is... internal.
/etc/network/interfaces
auto eth1
iface eth1 inet static
address 192.168.1.200
netmask 255.255.255.0
Running with this configuration makes my internet connect go away, however if I remove the configuration for eth1 everything is working fine.
Feb 16, 2011
My question is about TCP parameters in Linux. By now, I want to change the default values of:
Initial Timeout
ACK Delay
Idle Connection Timeout
I have a Linux Box with kernel 2.6.x and 2 ethernet interfaces. I know TCP is a stack that doesn't have anything to do with ethernet devices. Said that, the question: is there a way to set custom values for each interface? For example, a server listening to connections in eth0 would use one value for Idle Connection Timeout and another server listening to connections in eth1 could use a different value for that parameter.
Dec 7, 2010
I am trying to create a dump log using tcpdump. I want display the top 10 ip addresses sorted numerically showing how many times the ips are hitting the server. I'm getting frustrated because It's not working how I'd like it to.
Oct 18, 2010
I'm trying to capture packets to a file with the -w option but the file is empty, yet if I use the '-w -' option to put data on stdout I see plenty of captured packets. I'm using CentOS 5.5 x86
Code:
[root@server ~]# tcpdump -v -i eth0 -w dump -s0
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
[code]....
Apr 6, 2010
I would like to set up tcpdump to rotate the log file every 1 hour and retain files for the last 14 days, but I don't think any combination of -C and -W would allow me to do that (at least I haven't been able to figure it out), so I am trying to rotate the files every X number of MB and retain the last 20 files. This seems to be fairly simple with the '-C X -W 20' option but I am having some trouble in customizing the names of the log files. I have tried '-w capture-$(date +%Y-%M-%d-%H:%M-)' thinking that each file would start with the current date and time, but all files are using the date and time when the capture was started, so the only difference is the number at the end (which is done by -W). if I can customize the names of the file so that it has the date and time when the capture is started. In fact if I can do that, I don't need the numbers that '-W' appends at the end, but I don't know how to get rid of them.
May 27, 2010
I'm running NetWare SLES 10 sp3 with OES2 sp2. I was working with the folks at Novell to resolve an iPrint Print Manager problem.
During the process they wanted to perform a packet capture using tcpdump. While logged in as the root user, the error "no suitable device" was found, and I received no data at all. This server is running on a VMWare Center. On other SLES 10 sp3 systems (residing on that same VMWare Center), tcpdump captures packets just fine. I inherited all of these servers, so I wasn't here during the initial build, but I'd make the guess that they were configured similarly. On a server that I built recently, tcpdump works fine. On two of my servers it does not, and gives the mentioned error.
It's not that big a deal, otherwise the Servers are communicating and working just fine. But, I'd like to get it working just because it's supposed to work. Students are off for the summer, so I have time to play.
Jan 24, 2011
The only window that's open is the terminal running this command, no pidgin, skype, samba, torrent or anything I can think of is using the network yet there is ***** load of output from tcpdump. I was hoping to use this to check where certain applications connect to and what messages they send but when I'm doing nothing there is already more output than I can go through. Running tcpdump for less than 10 seconds gives me the following output:
Code:
16:13:22.015683 IP ns.hihkptt.net.cn.domain > desk.local.56598: 46887 1/2/2 (166)
16:13:22.016251 IP ns.hihkptt.net.cn.domain > desk.local.60099: 21168 1/2/2 (166)
16:13:22.016743 IP ns.hihkptt.net.cn.domain > desk.local.42325: 50346 1/2/2 (166)
16:13:22.034733 IP ns.hihkptt.net.cn.domain > desk.local.41441: 63658 1/2/0 (134)
16:13:22.035215 IP ns.hihkptt.net.cn.domain > desk.local.42865: 37537 1/2/0 (134)
16:13:22.036124 IP ns.hihkptt.net.cn.domain > desk.local.35006: 7520 1/2/0 (134)
16:13:22.036569 IP ns.hihkptt.net.cn.domain > desk.local.38480: 51322 1/2/0 (134)
16:13:22.066006 ARP, Reply 192.168.0.1 is-at 00:b0:0c:02:60:9c (oui Unknown), length 46 .....
Nov 21, 2010
I am trying dump some packets using tcpdump and it does not seem to be working.
System is fedora12
TCPDUMP v4.1
Libpcap v1.0
I even rolled my own,
TCPDUMP v4.1.1
libpcap v1.1.1
Feb 16, 2010
I have configured an NFS server on CentOS 5.2 with an IBM Web Server, which is running AIX 5.3. The IBM Web Server can upload all data onto the NFS server. Now, today I was having slow response on the IBM Web Server and, by measuring the NFS, I found the below error while running the "tcpdump" command on the CentOS server.
tcpdump -n -i eth1 | grep 2049
18:36:37.237451 IP 10.100.19.241.2049 > 10.100.19.88.1758143293: reply ok 1448 read [|nfs]
18:36:37.237476 IP 10.100.19.241.2049 > 10.100.19.88.539981409: reply ERR 1448
18:36:37.237481 IP 10.100.19.241.2049 > 10.100.19.88.796287348: reply ERR 1448
[code]....
I have changed the network card in CentOS. All LAN is on a Gigabit network. Also I have changed the network cable (patch cord). But still no response.
Mar 30, 2011
I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.
There is an IP configured on eth1.
eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.
The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.
If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.
May 20, 2010
I am running a test to determine when packet drops occur. I'm using a Spirent TestCenter through a switch (necessary to aggregate Ethernet traffic from 5 ports to one optical link) to a server using a Myricom card. While running my test, if the input rate is below a certain value, ethtool does not report any drop (except dropped_multicast_filtered, which is incrementing at a very slow rate). However, tcpdump reports X number of packets "dropped by kernel". Then if I increase the input rate, ethtool reports drops but "ifconfig eth2" does not. In fact, ifconfig doesn't seem to report any packet drops at all. Do they all measure packet drops at different "levels", i.e. ethtool at the NIC level, tcpdump at the kernel level etc.? And am I right to say that in the journey of an incoming packet, the NIC level is the "so-called" first level, then the kernel, then the user application? So any packet drop is likely to happen first at the NIC, then the kernel, then the user application? So if there is no packet drop at the NIC, but packet drop at the kernel, then the bottleneck is not at the NIC?