SUSE :: Sniffing With TCPDUMP Or Tshark - Get No Packets Back When Specify A Host To Watch

Nov 23, 2010

If I am sniffing with TCPDUMP or tshark, I have an issue. If I specify a host to watch, I get no packets back, but if I don't specify a host, I get all traffic, including the host traffic I was filtering for the first time.

I.e., if I:
tcpdump -vnnXs 1514 -i bond0
I see all traffic and traffic to x.x.x.x

But if I:
tcpdump -vnnXs 1514 -i bond0 host x.x.x.x
I see no traffic.


General :: Capture Packets From Multiple Host Through Tcpdump?

Apr 27, 2010

What is the syntax to capture packets from multiple hosts through tcpdump?
tcpdump ip host host1|host2|host3|host3


CentOS 5 Networking :: Tcpdump Error With NFS Port Sniffing

Feb 16, 2010

I have configured an NFS server on CentOS 5.2 with an IBM Web Server, which has AIX 5.3. The IBM Web Server can upload all data onto the NFS server. Now, today I was having slow response on the IBM Web Server, and by measuring the NFS, I found the below error while running the "tcpdump" command on the CentOS server.

tcpdump -n -i eth1 | grep 2049
18:36:37.237451 IP 10.100.19.241.2049 > 10.100.19.88.1758143293: reply ok 1448 read [|nfs]
18:36:37.237476 IP 10.100.19.241.2049 > 10.100.19.88.539981409: reply ERR 1448
18:36:37.237481 IP 10.100.19.241.2049 > 10.100.19.88.796287348: reply ERR 1448

[code]....

I have changed the network card in CentOS. All LAN is on a Gigabit network. Also, I have changed the network cable (patch cord). But still no response.


General :: Tcpdump Decode Gzip Packets?

Mar 11, 2010

Does gzip have the capability to decode gzipped traffic? I have been beating my head against the wall with this issue. What I'm trying to do is capture traffic between a web server and clients, and I've got it set up where it's redirected to a file for ease of grepping, however it's seemingly incapable of decoding gzipped encoding. I know I can do this with tshark, I'm curious as to whether tcpdump has this capability (i.e. only using tcpdump, and not some additional tool like tcpshow or what-not).

I can't find much on this issue in the man page for tcpdump, but it is fairly lengthy, so it's possible that I missed something, but I don't see that as especially likely.


Networking :: Tcpdump Not Writing Raw Packets With Write Switch?

Nov 21, 2010

I am trying to dump some packets using tcpdump and it does not seem to be working.

System is fedora12
TCPDUMP v4.1
Libpcap v1.0
I even rolled my own,
TCPDUMP v4.1.1
libpcap v1.1.1


General :: Networking - Interface Stops Receiving Packets As Seen By Tcpdump

Mar 30, 2011

I have a linux box with two interfaces: eth0 is a builtin and eth1 is a USB-LAN.

There is an IP configured on eth1.

eth0 is up but no IP is configured. This interface is used for sniffing with tcpdump.

The problem is that eth0 frequently stops receiving packets -- my tcpdump captures are empty, and if I look at the interface stats with ifconfig, I can see that no packets are received.

If I bounce the interface (ifconfig eth0 down; ifconfig eth0 up), it starts receiving packets again.


Ubuntu Security :: Tcpdump: Filtering For Packets From A Site With Multiple Ip Addresses?

Aug 13, 2011

I want to capture all packets from site "www.examplesite.com", so I checked its IP address in an IP address lookup and it was 123.456.abc.def. So I set my filter to "dst host 23.456.abc.def". However, I then realised that multiple IP addresses point to www.examplesite.com; for example, say the following IPs also go to it:
987.654.321.000
111.222.333.444
So is there a filter that will automatically capture all traffic going to www.examplesite.com, or do I have to go and manually find all its IP addresses and pass them all to the filter?


Programming :: Write A Program In C That Can Sniff Packets From Ethernet And Distinguish RTP Packets From Non-RTP Packets?

Aug 30, 2010

I need to write a program in C that can sniff packets from Ethernet and distinguish RTP packets from non-RTP packets. I have no idea what I should do.


Networking :: Packets Go Out One Tunnel / Come Back Another / Then Are Dropped

Dec 5, 2010

I've run into a bit of a routing issue pertaining to packets leaving a firewall, traversing an IPSec tunnel, hitting the target and then returning via a different tunnel, finally arriving back on the source firewall but on a different interface from where they started. Once the packet has returned to the firewall it is dropped; I've been unable to discover the reason for the drop. There are two sides to the system, Firewall A and Firewall B. Each firewall provides the default gateway to its respective side and offers a backup IPSec tunnel to the high capacity tunnel handled internally. The Layer 3 switch uses OSPF and takes care of the bulk of the behind-the-scenes routing between the sides. In case of failure, the Layer 3 switches direct traffic to use the firewall tunnels to route traffic.


OpenSUSE Network :: Configure Firewall To Watch IPTV With VLC (SUSE 11.3)?

Nov 16, 2010

I've searched a lot across the web and this forum in particular, but wasn't able to find the solution. The settings of the firewall are too cryptic to me. When the firewall is turned off everything is OK, but it is uncomfortable to turn it on and off every time I watch IPTV.


Debian :: What Is " 'name Of Packet.deb' Is Corrupted" - Watch List Of Corrupted Packets?

Aug 15, 2010

What is " 'name of packet.deb' is corrupted"? How do I watch the list of corrupted packets? How do I reinstall all corrupted packets?

OS: debian


Networking :: Firewall - Allow Packets Coming From Internet After Authenticating And To By Pass Packets Generated From Internal LAN?

Feb 8, 2010

I have a Linux server running Oracle applications. I need to access this server from PuTTY using SSH through the internet. I did this by registering my static IP with dnydns.org and I am able to connect to the server. But now there is no security to authenticate any user, as anyone knowing the password can log in to it.

I thought of configuring the firewall of the Linux server, but the client IPs are not static and they change continuously. So I thought of keeping one more PC between the server and the router which will do the work of authenticating. But I am confused as to how to configure it to allow the packets coming from the internet after authenticating and to bypass the packets generated from the internal LAN.


Software :: Use Tshark To Save Captured Data?

Jan 20, 2010

I want to use tshark to save captured data. I want it to save it in a certain directory, every x seconds, and 5 files, so every x seconds tshark saves another 5 files.


SUSE :: Registration Error - Curl: (7) Could't Connect To Host

Feb 17, 2010

I have two SUSE Linux servers. Recently we got the license key. On one server I was able to register successfully. The other server is throwing an error. I am using yast - software - Novell Customer Center Configuration. After selecting "configure now", I am getting the error as follows: Execute curl command failed with 7 curl: (7) could't connect to host.


SUSE :: Which Is Best Method To Back Up Projects

Feb 4, 2010

I am working on Linux administration. I need to back up my project folders regularly. Which is the best method I can choose to back up? I know that I can schedule it through cron. Is there any other best way? If not, where can I get a good document about cron? I am using SUSE Linux Enterprise Server 10 SP3.


SUSE :: Getting The Root Desktop Back?

Sep 9, 2010

A few days back I installed an MTS Data Broadband Card in my Suse Linux Server 11.0. Since then, whenever I try logging in using the root A/c, the screen with a blue background and the movable mouse appears and the desktop is not shown to me, due to which I am not able to get the GUI mode (my desktop).

Also, once I created a new user in my SUSE Linux server; using that A/c I am getting the GUI desktop, but in root I am not able to get it.

It looks like there is some service which is not getting started and my root desktop gets frozen.


Ubuntu Servers :: Using TShark And Grep - Output Empty File?

Jul 13, 2011

I am not sure why this does not work..
tshark |grep 'string'
Gives me what I want but
tshark |grep 'string' >/tmp/outputfile
Gives me an empty file.


General :: Tshark Gzipped Traffic Doesn't Decode With -V Switch

Apr 18, 2010

I attempted this afternoon to do something I believe I did in the past using tshark, to no avail.

Code:
sudo tshark -V > dumpfile

That is the code, and from what I recall of times since past when this was done, gzipped packets were subsequently decoded under a section "Uncompressed Entity Body". However, today, nothing was decoded. I can grep the output and see that the gzipped traffic is being identified, but the subsequent decoding of it isn't there.

Might anyone have a solution that I am unaware of? As I said, I am almost certain I have done this in the past. The fact that it doesn't work now is very confusing to me.

If the specifics are of interest, I'm running Ubuntu 9.10, and the traffic I was looking to decode involved the html content of Google search results. Specifically, the gzipped encoding should be able to be processed with tshark to output html with tshark's -V switch.


Networking :: Use Tshark To Recognize Online Tv Stream Address And Feed It Into Mplayer?

Feb 19, 2011

How to use tshark to know the address of the streams of online TV/satellite channels that are broadcast from online websites that hide the addresses of these streams? I would like to feed these stream addresses directly into mplayer so as to have more control over the playing of them, and to eliminate the drawbacks of the traditional Flash Player/Windows Media Player web browser plugins.


Security :: Anti Sniffing Tool For Squid?

Apr 26, 2011

We are running Squid as a proxy server with almost 170 users. The clients are using Windows, and after observing more than once, there are some users that are sniffing on the network using maybe some sort of sniffing tool. Now can anybody recommend some anti-sniffing tool that can help us in detecting that culprit? Any software, Linux or Windows based, will do. I have tried Wireshark; if someone recommends that, then please give some detailed tutorial on Wireshark.


OpenSUSE Install :: How To Get Back Suse Boot Loader

Aug 2, 2011

Now, after my experiments with Open Indiana on another partition, I have rewritten my Suse Grub, which was both in the / Suse partition and in the MBR. The Suse partition is intact, as well as the files in /boot/grub, but in the MBR the boot loader of Open Indiana is primary. How can I get back the Suse boot loader? On the installation media under Rescue System I didn't find any option for re-installation of the boot loader.

P. S. Now I can run Suse completely in GUI without any problem, because I made some changes in the Open Indiana boot loader, but I would like to return the Suse Grub.


Fedora Networking :: T-like Utility For Sniffing/logging TCP Connections?

Aug 19, 2010

I need a utility to record the traffic on a particular TCP port. I know there are packet sniffers that can do this, but I don't need to monitor the wire, just the traffic to and from my own computer. I would assume there is something out there that can hook into the TCP stack and copy the data to a file just before/after it goes out/in, but my google fu has failed me.


Ubuntu Security :: How To Avoid Govt. Sniffing And I-net Censorship

Dec 15, 2010

I have recently started using Ubuntu; so far I am quite satisfied with the switch in OS. This time my question has more to do with privacy, govt. sniffing of private/personal communications, Internet censorship and what to do about these issues. I live in a South American country where the govt. wants to impose Internet censorship such as the one currently in place in Iran, Cuba or China. They plan to set up a single node for all Internet communications, outgoing and incoming. I would not be surprised if they are already monitoring people's communications illegally.

1. What can be done to avoid being censored? They will be able to monitor my email accounts, Facebook, Twitter and so on. They want to force the Internet Service Providers and telecom companies to censor their users, since those companies will be responsible for the content of the emails, SMS, Twitter messages, etc.

2. What can I do to avoid their censorship of certain contents which are critical of the govt. or contrary to the regime's views? I need to be able to read what other people are saying beyond the borders of this country. We can't tolerate living with this ban. Certain contents coming from abroad will be blocked.

3. How can I protect my email and bank operations? Is a proxy server an option? I really don't know what a proxy server is, or how much it would help us avoid govt. sniffing in private matters for political reasons.

4. What additional measures can be taken? Is using encrypted messages an option to communicate with my relatives in order to prevent the govt. from reading my emails?


OpenSUSE :: Running Dos Commands From Suse On Windows And Getting Back The Result?

Sep 15, 2011

My application requires that I run DOS commands on a Windows desktop which is in the same network as the Suse server. The command needs to be initiated from my Suse server, and I need to get the result of the command from Windows on my Suse server.


OpenSUSE Install :: Back Up Entire System While Still Login Into SUSE?

Apr 28, 2010

The main reason I am using openSUSE currently is because my Windows system went bad. I haven't been able to easily restore and will probably have to do a clean Windows install. I want to make sure my entire openSUSE system (application/OS settings/etc.) is backed up so I can easily restore it fast. Since this type of backup takes a while, I would preferably like to do this while I am still logged into SUSE. I am aware of disk cloning things like Clonezilla, but it looks like I would need to turn off my system entirely to get this done.

Currently my SUSE root and home are in a partition with another NTFS partition on my hard drive. I really don't want to use 'dd' to clone the entire hard disk. I would much rather store the required partitions in other locations. Hopefully, there is an easy way to get this done without too much effort and time.


SUSE / Novell :: Sort And Delete Directory Going Back For Years?

Nov 15, 2010

Got directories dated 2009, 2008. What is the best way to ls the directories, sort them by date, redirect the output to a file and then delete them?


SUSE / Novell :: Running Out Of Space Creating Virtual Machines OES2 Sp1 On 10 SP2 Xen Host Serve?

Mar 17, 2009

I have a quad cpu with 8gb ram running SUSE 10 sp2 on a raid 5 XEN host server. I have created a 250 gb partition GWMAIL in the extended partition to be the disk space for the first virtual machine OES sp1 with groupwise 8.0. I have downloaded the OS .iso's to the desktop of the host server to use for installation. When I begin to install, it hangs for 5 to 10 minutes then gives me an out of space error.


Ubuntu Networking :: Enable Promiscuous Mode In Packet Sniffing?

Nov 5, 2010

I am running Wireshark on my laptop. It is only showing me the packets addressed to and from it, and broadcast packets. I am running it in promiscuous mode, and in iwconfig set the interface to mode monitor. However, it still cannot see packets from my other laptop. They are in the same room, both wirelessly connected to the same network.


General :: Connect To SUSE Server From Other One - Error "Remote Host Identification Has Changed"

Jan 15, 2011

When I try to connect to my SUSE server from another one, this appears: Remote host identification has changed. I deleted the entry in known_hosts but it is still working wrong, showing me this message. What could be the cause of this problem?


Networking :: Kernel - Forward Packets From Eth0 To Eth1 And Eth1-to Eth0 As Well As Get A Copy Of These Packets For Analysis

Sep 27, 2010

I have a hardware device with two ethernet ports, eth0 and eth1 running Centos 5. Basically my goal is to forward packets from eth0->eth1 and eth1->eth0 as well as get a copy of these packets for analysis. If I set IP routing to do the forwarding then I won't get a copy of the packets for analysis.
