Log http data in unique files using tcpick

I'm trying to use tcpick to log HTTP data in unique files (client and server mixed together). This is one of the examples from tcpick's man page: $ tcpick -i eth0 "port 80" -wRub. I expected this to write the TCP stream to a file named <ip_client>_<ip_server>_<port_server>.tcpick, but it seems that no file gets written …

Filtering inbound traffic without knowing the destination subnet

I have a Linux machine configured as a router with two interfaces facing LAN A and LAN B. I want to filter traffic passing from LAN A to LAN B (inbound traffic) using tcpdump, but I don't have the subnet information of the LANs (so not this: dst net subnetB)? Answer: I didn't fully understand what …

syn flood attack — packet hits on shared ip

How can I dump the TCP packets to get a better idea of which website is being attacked? Here is what I have in my logs: May 4 23:10:26 host kernel: [2130002.635000] Firewall: *SYNFLOOD Blocked* IN=eth0 OUT= MAC=00:26:9e:3d:14:e0:00:12:44:99:b8:00:08:00 SRC=51.120.142.200 DST=1.2.3.4 LEN=40 TOS=0x00 PREC=0x00 TTL=246 ID=64643 PROTO=TCP SPT=6433 DPT=80 WINDOW=0 RES=0x00 SYN URGP=0 May 4 …

Network card capable of capturing a tonne of packets and not dropping them?

Edit: Our server is trying to capture packets at between 500-600 Mb/s, but is dropping packets 'due to kernel'. Data is being written to SSDs, and they aren't the bottleneck. What things should I look for in a network card when choosing one that would be capable of handling this kind of volume? Not looking for product …

Early tear down of communication

I have an application which performs an LDAP search that works in one domain but not in the other. When analyzing the packets sent between the application server and the domain controller being queried on the non-working domain, I only see the handshake and then a tear-down; no query is sent, or no …

server is not responding on SYN packets

In the attached TCP dump, the first two SYN packets (#21800 and #21801) came to the server; however, a SYN-ACK was sent for the second SYN. Is that correct behaviour? My understanding is that the client is trying to establish two TCP connections from different source ports, so both connections should have been established. After …

Capture all MySQL requests/responses and calculate the response time using tcpdump

I need to capture all MySQL requests/responses using tcpdump and after that need to find out which response relates to which request in order to calculate the response time of each request. I used the following tcpdump command: tcpdump -ixenbr0 -s 400 -n -A 'port 3306' and got the following result for a single SQL query …

ICMP Packet Flood a local device over Wireless AP to figure out packet loss?

I'm using a utility called Hyanea to create an ICMP packet flood/attack, since Windows doesn't have native support like Linux does. I want to be able to test a new AP to see if any packet loss occurs. My target is a laptop. The only issue is, I think before the AP has trouble handling the …