All Questions
24 questions
0 votes, 0 answers, 30 views
File service latency is high, How to troubleshoot?
This service is a file upload service and the request packet capture in the live network is as follows:
The data uploaded by the client is halfway through, and then it will not be sent
The server ...
0 votes, 1 answer, 145 views
Nobody listens on port, yet something accepts connection on it
Here is some background information first, although it may not be relevant to the problem.
I am learning Kubernetes and I set up a cluster where pi-hole runs as a service. I can access the admin ...
1 vote, 0 answers, 49 views
understand ss -to4 output for a jdbc connection
My application connects to a database over JDBC, and performs a lot of sequential inserts. There is only 1 JDBC connection opened by the application. As the performance is not as expected, I started ...
6 votes, 1 answer, 14k views
Capture only TCP SYN-ACK packets with tcpdump
I'm trying to capture only TCP SYN-ACK packets, i.e. with both SYN and ACK bits set with:
tcpdump -vvvni eth0 tcp[tcpflags] == tcp-syn and tcp[tcpflags] == tcp-ack
but it gives such error:
tcpdump: ...
0 votes, 1 answer, 2k views
Why server doesn't stop sending packets when client sends TCP RST multiple times?
My device connects to the server which provides some video clips.
After connecting to the server, I check Wireshark and see there are multiple RSTs from client (port 40334) to server (80), but the ...
6 votes, 1 answer, 44k views
What does TCP packet [P.] flag means in tcpdump's output?
If an IP x.x.x.x connects to IP z.z.z.z using the [P.] flag for a TCP packet, what exactly does this [P.] flag mean? Does it mean that x.x.x.x sends some data to z.z.z.z?
0 votes, 1 answer, 2k views
tcp session - http request [ x out of y] in wireshark capture
As below, I am seeing this [HTTP request 1/2] and [HTTP request 2/2] in 2 separate payloads. Are they separate GET requests in a single TCP session, or are they the same GET request?
====
Added full ...
1 vote, 0 answers, 4k views
How to make tcpdump display only source IP, destination IP, ports and timestamps
I am running tcpdump to track traffic on 2 interfaces, one input and one output. The sole purpose is to measure the latency between the time when the input interface receives incoming TCP traffic and ...
3 votes, 0 answers, 871 views
Inactive / Unknown TCP connections
I can see the following TCP connections on one of my Linux hosts.
root@odb-us:~# netstat -a | grep ESTAB | grep 10.12
tcp 0 0 odb-us.:2424 10.12.0.77:40000 ESTABLISHED
tcp 0 ...
0 votes, 3 answers, 2k views
Why does TCP sends more than 1 ack per packet?
My source sends packets of 4794 bytes (at least according to the capturing it looks like 1 packet each), however, the destination machine sends 2 acks for every packet sent from source.
I've tried ...
0 votes, 0 answers, 815 views
NAT doesn't allow TCP ACK for sent TCP SYN
We are using TCP Simultaneous Open for connecting a TCP socket. Let's call one SideA and the other SideB.
From the Wireshark log I see that the first two SYNs sent from SideB are blocked by SideA NAT. Then SideA ...
1 vote, 0 answers, 113 views
TCP Dump received from Verizon, along with an abuse notice
Apologies in advance if this Question is not a good fit for your forum, but I hope it is and someone can help. I'm a FIOS customer and received from "[email protected]" a TCP dump as part of an email ...
2 votes, 1 answer, 1k views
How to split pcap files maintaining tcp sessions
I have a pcap file which contains tcp traces.
I was wondering if there's a way to split these traces in order to maintain tcp flows, but also filtering the traffic on a src ip basis.
For example, if ...
1 vote, 0 answers, 4k views
What's wrong with this tcpdump syntax?
sudo tcpdump -i ath1 -s 0 -nne "(type mgt and subtype beacon)"
Can anyone help me? I was following a tutorial at http://wiki.secarmour.com/2013/09/capture-wireless-traffic.html but seems I got ...
0 votes, 3 answers, 14k views
Why are some tcp packets with the RST flag classified as new incoming connection?
While looking through my iptables log, I keep observing periodically incoming connections with the RESET flag being set from a few ip addresses within my ISP's network. This is a sample tcpdump on one ...
1 vote, 0 answers, 445 views
No response received from github ssh randomly
My git pull started to stop working randomly with this error
$ git pull
ssh: connect to host github.com port 22: Connection timed out
fatal: The remote end hung up unexpectedly
I tried debugging git ...
3 votes, 1 answer, 3k views
Using tcpdump on displayed TCP data
If
sudo tcpdump -i eth0 -X
gives me
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
16:16:11....
3 votes, 1 answer, 4k views
have tcpdump show the 'conversation' as i would get from wireshark?
Is it possible to get the same output I would get from:
tcpdump port 80 -w log.pcap
wireshark log.pcap
in wireshark Analyze > Follow TCP Stream and then in the bottom drop down Entire ...
1 vote, 1 answer, 855 views
What does this tcpdump printout mean?
I'm not very experienced with networking, so in my free time, I usually try and learn some more things about the internet and how it works. While at school, I came across tcpdump and wanted to give it ...
0 votes, 2 answers, 2k views
TCP packets not captured by PHP listener
I have a device (GPS localizer) that is sending TCP (I think so) packets to my server on given IP address and through given port. Since I have only SSH access to that server, I opened up two sessions ...
2 votes, 2 answers, 1k views
Program to record data transmission between two computers using a TCP port
I am looking for a way to view data being transmitted over a TCP port between two computers.
Is there a software package that allows this? I suppose I could script something to re-route data coming ...
6 votes, 2 answers, 22k views
How to make tcpdump (or other tool) to actually dump TCP stream?
I expect something like this:
$ nc example.com 80
GET / HTTP/1.0
HTTP/1.0 500 K.O.
Content-Type: application/null
Content-Length: -1
$
Meanwhile:
# tcpdump -i eth0 --actually-dump-all-tcp
217.21....
1 vote, 2 answers, 3k views
Count exchanged bytes per TCP connection
I need to get a table updated with the exchanged bytes (Rx and/or Tx) for each ESTABLISHED TCP connection on a linux machine (well, at least, a list of connections (port ranges), thus not actually all)...
1 vote, 1 answer, 3k views
tcpdump missing on Cygwin v1.7.7 for packet sniffing
I am trying to debug why my TCP packets are truncated. I see that only the first 24 bytes of each packet are showing up in my program. The 25th through 28th bytes are scrambled and all others after ...