tcpdump Questions
2
Solved
I am capturing network traffic by using tcpdump. The problem is: I can't see all capture data when the package is too long. For example, when the tcp frame length is more than 500, I just see 100-2...
Aristippus asked 13/7, 2016 at 3:38
6
I am using the Linux command line and when I run the following command:
tcpdump -n dst host destsitename
tcpdump -n dst host stackoverflow.com
to see if my server as source talks to this domain...
6
Solved
Is there any utility like tcpdump in Linux for capturing the traffic which is going over RDMA channel? (Infiniband/RoCE/iWARP)
Ledford asked 26/9, 2012 at 18:0
5
Solved
I want to have tcpdump write raw packet data into a file and also display packet analysis into standard output as the packets are captured (by analysis I mean the lines it displays normally w...
6
I have two programs:
server ... it generates UDP traffic on a chosen multicast
listener ... it prints UDP traffic on a chosen multicast
(it subscribes to a multicast and prints
whatever it rece...
2
Solved
I always end up with this error message, "tcpdump: ioctl(SIOCIFCREATE): Operation not permitted"
Any ideas as to what I am doing wrong? I am running this on OS X Yosemite.
Verbosity asked 3/12, 2015 at 20:21
2
Solved
I am trying to sniff the http headers by using tcpdump.
This filter works well but I can't understand it -
(((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)
I've g...
Offprint asked 1/8, 2012 at 10:40
4
Solved
I am using tcpdump to get HTTP data by executing the below command:
sudo tcpdump -A -s 1492 dst port 80
The result of the above command:
Headers, I think request and response headers.
Unreadabl...
3
I may have done something to change my device permissions because I am getting the error: "tcpdump: en0: You don't have permission to capture on that device". The TCP portion is irrelevant because ...
4
Solved
I am using the following command to output IPs from live tcpdump capture
sudo tcpdump -nn -q ip -l | awk '{print $3; fflush(stdout)}' >> ips.txt
I get the following output
192.168.0.100.5...
2
I am using tcpdump to capture network packets and running into an issue when I start dropping packets. I ran an application which exchanges packets rapidly over the network, resulting in high network band...
Braise asked 5/10, 2016 at 6:23
3
How can I use tcpdump to capture Ethernet frames and display any frame sent or received by the local PC with one of the UDP, ARP, and ICMP protocols?
I was trying this command:
sudo tcpdump -e udp ...
Martlet asked 27/5, 2014 at 18:39
1
The problem is: Sometimes tcpdump sees that the receiving of a UDP packet is held back until the next incoming UDP packet, although the network tap device shows it goes without delay through the ca...
Runstadler asked 26/8, 2021 at 14:15
2
I need to capture on an interface with tcpdump and filter out all arp and stp/rstp packets.
I tried this command, which does filter out arp, but I still see rstp packets:
tcpdump -n -i ens224 not a...
0
We have an HTTP client based on libuv and libopenssl for TLS, written in C++, with its own TCP wrapper around libuv and HTTP parser.
Usually it just works and our servers make millions of success...
3
Solved
I have a server to which many clients connect using SSL. Recently I'm observing SSL handshake errors in the server logs (ex SSL MAC error). The error itself is not important, but I want to se...
Macnamara asked 21/9, 2016 at 19:11
2
Solved
I want to see the absolute timestamp of the packets in a pcap file using tcpdump. When I use the command tcpdump -r mypcapfiile it only shows the time,
03:21:14.804778 IP static.vnpt.vn.51193 &...
1
Solved
I am working on a high-performance TCP server, and I see the server not processing fast enough on and off when I pump high traffic using a TCP client. Upon close inspection, I see spikes in "d...
Diplocardiac asked 28/9, 2020 at 1:52
3
Solved
I am trying to find a way to read multiple ports using tcpdump. Suppose I have two ports, p1 and p2, and I want to read the traffic moving through both ports simultaneously. Is there any way to do ...
Speer asked 2/2, 2010 at 21:43
0
We have a Java application and Nginx as a reverse proxy installed on the same host. Periodically, we got CLOSE_WAIT connections hanging for a long time:
$ ss -n4t | head
State Recv-Q Send-Q Local Address:P...
Roughdry asked 28/6, 2020 at 10:16
3
I'm attempting to diagnose a network issue with tcpdump. I run the command
tcpdump -i eth0 -nS host nameless.host.io
When I issue either traceroute or ping commands to hit nameless.host.io I se...
2
Solved
I'm using the following code for capturing incoming and outgoing tcp packets by ports:
tcpdump -i any -s 0 -vvv -A port 3727 or port 5016 or port 3724 -w /home/admin/dump1.cap
But tcpdump captures o...
5
Solved
Each time I manually run tcpdump, I have to use Ctrl+C to stop it. Now I want to schedule my tcpdump with a cronjob and I only need it to run for 1 and a half hours. Without manually running Ctrl...
1
Solved
I'm trying to add a filter to a tcpdump stream.
The expression I'm trying to run is:
tcpdump -i eth0 -U -w - host 192.168.2.29 and (port 22222 or port 22221 or port 80)
This particular format t...
5
Solved
I've got a huge pcap file (100GB) and I'm interested in a small number of packets which I know are numbers 5,000,000 to 5,000,020.
How can I use tcpdump to read a pcap file, filter out packets by...
Ster asked 28/10, 2013 at 11:12