The UNIX and Linux Forums > Security

#1, 02-01-2005
diganta, Registered User (Join Date: Dec 2004; Location: India, Bangalore)

How to decipher tcpdump file

Hi,

I am stuck with a tricky situation in which one of my applications is flooding the network with UDP messages. The architecture of the application is not supposed to do so. Neither is there any place where the application will go into an infinite loop sending UDP messages over the network. To find out what message is being sent out, I captured the output of tcpdump to get the contents of the UDP packets sent by the application over the network. Following is a portion of the tcpdump output:

13:37:33.568065 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0512 4000 fe99 01d4 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
13:37:33.568091 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0513 4000 fe99 01d3 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
13:37:33.568116 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0514 4000 fe99 01d2 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000

Can anyone help me decipher the contents of these packets? This will help me find out where in the code these messages are being sent from. Do keep in mind that I am pretty new to tcpdump.

Regards,
Diganta
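The summary line tcpdump printed, `udm > activeip: ip-proto-153 13 (DF)`, means tcpdump found protocol number 153 in the IP header (a number it has no dissector for, so it did not decode the payload as UDP), that the IP payload is 13 bytes long, and that the Don't Fragment flag is set; `udm` and `activeip` are the resolved hostnames, and the lines below it are the raw packet bytes in the format `tcpdump -x` prints. The script below is an added example and is not part of the thread: it decodes the first posted packet's IPv4 header field by field, recomputes the header checksum, then parses the 13-byte payload as a UDP datagram and verifies its checksum over the IPv4 pseudo-header. The only input is the poster's first packet copied verbatim; nothing else is assumed.

```python
"""Decode one IPv4 packet from the hex words that `tcpdump -x` prints.

Added example, not code from the thread. Input is the first packet the
poster captured, copied verbatim from the post.
"""
import struct

# Constructed input: the raw-hex lines of the first packet in the post.
PACKET_HEX = """
4500 0021 0512 4000 fe99 01d4 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
"""

IPPROTO_UDP = 17


def hexdump_to_bytes(dump):
    """Join the 16-bit hex words tcpdump prints into raw bytes."""
    return bytes.fromhex("".join(dump.split()))


def ones_complement_sum(data):
    """RFC 1071 checksum: one's-complement sum of big-endian 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"          # an odd trailing byte is padded with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:           # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def decode_ipv4(raw):
    """Return the IPv4 header fields, the payload and any link-layer padding."""
    ver_ihl, _tos, total_len, ident, flags_frag, ttl, proto, hcs = struct.unpack("!BBHHHBBH", raw[:12])
    ihl = (ver_ihl & 0x0F) * 4
    header = raw[:ihl]
    return {
        "version": ver_ihl >> 4,
        "header_len": ihl,
        "total_len": total_len,
        "id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ttl": ttl,
        "protocol": proto,
        "header_checksum": hcs,
        # Recompute over the header with the checksum field zeroed; it must equal hcs.
        "header_checksum_ok": ones_complement_sum(header[:10] + b"\x00\x00" + header[12:]) == hcs,
        "src": ".".join(str(b) for b in raw[12:16]),
        "dst": ".".join(str(b) for b in raw[16:20]),
        "payload": raw[ihl:total_len],
        # Ethernet pads short frames to 46 bytes and tcpdump prints that padding too.
        "padding": raw[total_len:],
    }


def header_checksum_ok_with_protocol(raw, proto):
    """Would the IP header checksum verify if the protocol byte were `proto`?"""
    ihl = (raw[0] & 0x0F) * 4
    header = bytearray(raw[:ihl])
    hcs = struct.unpack("!H", header[10:12])[0]
    header[9] = proto
    header[10:12] = b"\x00\x00"
    return ones_complement_sum(bytes(header)) == hcs


def decode_udp(ip, payload):
    """Parse payload as UDP and verify its checksum over the IPv4 pseudo-header."""
    sport, dport, length, cksum = struct.unpack("!HHHH", payload[:8])
    pseudo = (bytes(int(o) for o in ip["src"].split(".")) +
              bytes(int(o) for o in ip["dst"].split(".")) +
              struct.pack("!BBH", 0, IPPROTO_UDP, length))
    zeroed = payload[:6] + b"\x00\x00" + payload[8:length]   # checksum field zeroed
    return {
        "src_port": sport, "dst_port": dport, "length": length, "checksum": cksum,
        "checksum_ok": ones_complement_sum(pseudo + zeroed) == cksum,
        "data": payload[8:length],
    }


def analyse(dump):
    """Full decode of one tcpdump -x packet: IP header, then payload parsed as UDP."""
    raw = hexdump_to_bytes(dump)
    ip = decode_ipv4(raw)
    ip["checksum_ok_if_udp"] = header_checksum_ok_with_protocol(raw, IPPROTO_UDP)
    udp = decode_udp(ip, ip["payload"]) if len(ip["payload"]) >= 8 else None
    return ip, udp


if __name__ == "__main__":
    ip, udp = analyse(PACKET_HEX)
    for k, v in ip.items():
        print("%-22s %r" % (k, v.hex() if isinstance(v, bytes) else v))
    for k, v in (udp or {}).items():
        print("udp.%-18s %r" % (k, v.hex() if isinstance(v, bytes) else v))
```

Run as-is it prints every field of the first packet. What the decode shows for these particular bytes is a reading of the posted dump, not something the thread states: the header checksum does not verify with protocol 153 but does verify with protocol 17 (UDP), and the 13-byte payload parses as a UDP datagram from port 9543 to port 9543, length 13, with a correct UDP checksum and five bytes of data. Checking the checksums this way before searching the code for the sender tells you whether the packets the application emits are well-formed or are being damaged somewhere between the socket and the wire.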