All Questions
7 questions
4 votes, 1 answer, 868 views
tcpdump -vvv is not verbose enough
For tcpdump, I use this command to see the packet details:
tcpdump -vvv -i interface
and to save the packets into a pcap file:
tcpdump -i interface -w output
The details from the first command are ...
0 votes, 0 answers, 355 views
Traffic capture at boot
I'm trying to figure out what packets a Linux host sends at boot in order to debug it.
Is there a way to start packet capture during boot time to not miss any packets?
What is your way of going about ...
1 vote, 1 answer, 3k views
server is not responding on SYN packets
On the attached tcp dump, the first two SYN packets (#21800 and 21801) came to the server, however SYN ACK was sent for the second SYN. Is that correct behaviour? My understanding is that the client ...
0 votes, 3 answers, 13k views
user agent in http or https request
Is there any way that I can differentiate whether the HTTP or HTTPS packets are coming from a browser or not?
Especially for HTTPS requests. There is a User-Agent field in the packet in HTTP, but I could not find ...
0 votes, 1 answer, 854 views
syn flood attack -- packet hits on shared ip
How can I dump the TCP packets to get a better idea to know which website is being attacked?
Here is what I have in my logs:
May 4 23:10:26 host kernel: [2130002.635000] Firewall: *SYNFLOOD ...
0 votes, 1 answer, 614 views
Filtering inbound traffic without knowing the destination subnet
I have a Linux machine configured as a router with two interfaces facing LAN A and LAN B. I want to filter traffic passing from LAN A to LAN B (inbound traffic) using tcpdump, but I don't have the ...
1 vote, 4 answers, 4k views
Sniffing packets of specific binaries / apps / process id?
Is there a way to associate packets with executing binaries? I would be open to traditional sniffing methods or even dtrace for that matter.
I have a specific issue on a system with very high ...