Full Discussion: tcpdump question
Special Forums IP Networking tcpdump question Post 302159689 by sysgate on Friday 18th of January 2008 08:04:35 AM
Old 01-18-2008
This is kind of unclear to me: how do you create the files? Is it >> (append) or > (redirect), what format is that? What is the OS? How are you sure what's happening with the connections? What if they got closed for some reason? Given the conditions you've posted, Connection A will be the same in the second file, but tcpdump will eavesdrop on the current flow, i.e. the timestamp will be different.
Please post more details, as well as log snippets, if possible, so we can answer this correctly, in case I got it wrong.
 
