All Questions
16 questions
1 vote, 0 answers, 142 views
tcpdump is not available when extracting packet features in Windows
I have been trying to extract statistical features from a packet (pcap) using pyflowmeter, but I keep on getting a traceback error: 'scapy.error.Scapy_Exception: tcpdump is not available'. I know ...
1 vote, 1 answer, 503 views
Filtering for QUIC Client Hello packets with tcpdump
I am able to filter for Client Hello messages for TLS on TCP with the following:
(tcp[((tcp[12] & 0xf0) >> 2)] = 0x16) && (tcp[((tcp[12] & 0xf0) >> 2) + 5] = 0x01)
https://...
2 votes, 0 answers, 426 views
Why can't we make tcpdump to not stop/exit when an interface on which it is capturing is brought down?
If tcpdump is started with -i <specific_interface_name>, it exits if that interface is brought down.
However, if it is started with "-i any" option, it doesn't stop if wlanX/ethX interfaces are ...
-2 votes, 1 answer, 275 views
tcpdump difference between ip host hostname | ip and host hostname
In tcpdump, what is the difference between the following two commands? I tried to understand, but they seem pretty much the same to me.
tcpdump ip host google.com
and
tcpdump ip and host google.com
0 votes, 1 answer, 596 views
tcpdump: server client communication
I'm capturing the communication between a server and a client with tcpdump -X. I noticed a pattern and I'm not sure I fully understand it. In the following I have replaced all the header data (IP and ...
1 vote, 1 answer, 435 views
How to filter tcpdump result by keeping socket recv() data only?
As is known, the result of a tcp packet capture consists of packets that may be retransmission, out of order and so on, which will be filtered and rearranged by the network stack, and the application ...
0 votes, 1 answer, 553 views
How to determine the type of data exchanged between client and server from tcpdump output
I have been working on a server project and sniffing package exchange between client and the server with tcpdump. I am having a little problem figuring out/interpreting the output of the tcpdump. I ...
0 votes, 1 answer, 596 views
Trying to understand packets captured with tcpdump
So I have intercepted a packet being sent from my Android device to an app's server. I want to understand what my phone is sending to the server.
I have rooted the phone, and installed tcpdump on it. I ...
1 vote, 2 answers, 2k views
Error merging pcap dump files from tcpdump
I have a number of capture files that I am trying to merge. The merge files are from Linux servers (both Ubuntu and CentOS), a MacBook Pro and from a Windows machine. They all play nice with the ...
1 vote, 1 answer, 533 views
tcpdump merge possibility with dpi library
Is tcpdump able to merge with any DPI library for deep packet flow analysis?
For example: I need Skype protocol flow details and header details.
0 votes, 2 answers, 4k views
Network sniffer in Python [closed]
I'm trying to find a good and stable network packet sniffer in Python, that allows me to do exactly the same as I used to with tcpdump.
I found this pycap but it does not seem to be that stable... Another ...
0 votes, 1 answer, 954 views
netem and tcpdump loopback interface differing ingress and egress
I have two communicating applications on the same machine:
app1----->loopback------>app2
I applied some delay (100ms) to the loopback interface using netem (tc command) on an Ubuntu machine (mint to be ...
1 vote, 1 answer, 357 views
Is there a way to limit number of packet captures with tcpflow?
I want to limit the number of captured packets, such as
tcpdump -c 20
but using tcpflow instead. Is this possible? The console throws a syntax error using -c with tcpflow.
Any help appreciated.
0 votes, 1 answer, 648 views
ping with tcpflow and tcpdump
When I use tcpflow icmp and ping I have no answer, but when I use tcpdump icmp and ping I'm getting an answer. Is something wrong with my tcpflow configuration or should it be like that?
1 vote, 1 answer, 2k views
Capturing HTTP packet body through tcpdump
I am trying to monitor the network activity of a specific application on an Android device. In the application that I am attempting to monitor, I am communicating with an HTTP server that is running ...
8 votes, 2 answers, 22k views
tcpdump vs tcpflow (or "why isn't tcpdump ASCII packet data human readable?")
I have used both, and I conclude that I can read HTML data from webpages with tcpflow but cannot do so with tcpdump. The best I get is some ugly ASCII text with lots of period symbols.
My ...