Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need Help with this TCPDUMP output...
Special Forums Cybersecurity Need Help with this TCPDUMP output... Post 302885338 by Lost in Cyberia on Friday 24th of January 2014 08:05:23 PM
Old 01-24-2014
Need Help with this TCPDUMP output...
Hello everyone, so I'm getting this tcpdump, and it looks like..quite a mess... Can anyone decipher this? I can tell that one IP is requesting DNS info? but I'm having trouble finding out what some of the fields actually mean..

Code:
19:44:50.707637 IP 66.81.1.252.53 > 64.147.113.139.28638: 52313 243/2/7 SOA, A 204.46.43.46, A 204.46.43.47, A 204.46.43.48, A 204.46.43.49, A 204.46.43.50, A 204.46.43.51, A 204.46.43.52, A 204.46.43.53, A 204.46.43.54, A 204.46.43.55, A 204.46.43.56, A 204.46.43.57, A 204.46.43.58, A 204.46.43.59, A 204.46.43.60, A 204.46.43.61, A 204.46.43.62, A 204.46.43.63, A 204.46.43.64, A 204.46.43.65

I know the first set of numbers if the time stamp...the 2nd is the IP address..and the next is the destination IP...with the port number after the semicolon. What comes next the '243/2/7 is what confuses me... I know SOA is the start of authority but what does it all mean together? I have a huuuge flood of traffic with these type of output..Can some one break this down for me?
 

10 More Discussions You Might Find Interesting

1. Programming

How To Use tcpdump

I have two net-card. one is 172.16.24.99(ENG) ,another is 172.16.25.99(ENG-B). Both masks is 255.255.255.0. I will monitor data on the tcp port 8055 in ENG, How do I set option of tcpdump command (2 Replies)
Discussion started by: chenhao_no1
2 Replies

2. UNIX for Dummies Questions & Answers

tcpdump

does anybody know what the -d -dd and -ddd options are used for ? thanks (2 Replies)
Discussion started by: ant04
2 Replies

3. Shell Programming and Scripting

Tcpdump in cron

I wrote a short BASH script to run tcpdump and save the output to a log file for when I'm away from my desk. The script runs fine normally, but fails to start in cron. Any ideas? #!/bin/bash today=`date +%Y%m%d` tcpdump -i eth0 -s 1500 -w ${today}.cap & exit (5 Replies)
Discussion started by: paulzeromi
5 Replies

4. Shell Programming and Scripting

analyzing tcpdump output

hello, i have a lot of pcap files (tcpdump output) that i want to compare. every tcpdump output has two file, server and client. what i want to do is: 1. take timestamp, source address, destination address, and packet id from each file (server and client) 2. find the packets sent from... (0 Replies)
Discussion started by: slumpia
0 Replies

5. Cybersecurity

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (0 Replies)
Discussion started by: chamnanpol
0 Replies

6. IP Networking

i would like to know about tcpdump

i would like to know about tcpdump i would like to use tcpdump to get information about these - Date - time - source hostname - source mac address - source ip address - destination ip address - see outbound only then i use command like this tcpdump -i le0 -n -q -tttt -e src net... (2 Replies)
Discussion started by: chamnanpol
2 Replies

7. Shell Programming and Scripting

write a script to parse some tcpdump output

i am trying to write a script to parse some tcpdump output, in each line of the tcpdump output, I know for sure there are 3 keywords exist: User{different usernamehere} NAS_ipaddr{different ip here} Calling_station{ip or dns name here} But the positions for these 3 keywords in the... (4 Replies)
Discussion started by: fedora
4 Replies

8. IP Networking

tcpdump vs. wireshark

Hi, I am trying to capture manually crafted IP packets, created using Scapy, to a pcap file that can later be replayed using tcpreplay. When using wireshark, I can successfully capture these packets and view them in wireshark. However, when using tcpdump, these packets are then shown in... (2 Replies)
Discussion started by: yotamhc
2 Replies

9. Debian

Tcpdump Help !

Hi. Need Help with TcpDump Trying to sniff associatio-request with tcpdump but when i run this tcpdump -i eth0 wlan subtype assoc-req i get this error can anyone help me with this error ? Thanks alot !!:) (1 Reply)
Discussion started by: SoulZB
1 Replies

10. IP Networking

TCPdump

I've recently started learning to use TCPdump, and I find it pretty interesting. There's one thing I don't understand. When I tell it to capture packets on, say, the WiFi interface en1, it often captures packets sent or received by other hosts on the network. How can it do this? My... (3 Replies)
Discussion started by: Ultrix
3 Replies

LEARN ABOUT XFREE86

pts_listentries

PTS_LISTENTRIES(1)					       AFS Command Reference						PTS_LISTENTRIES(1)

NAME

       pts_listentries - Displays all users or groups in the Protection Database

SYNOPSIS

       pts listentries [-users] [-groups] [-cell <cell name>]
	   [-noauth] [-localauth] [-force] [-help]

       pts liste [-u] [-g] [-c <cell name>] [-n] [-l]
		    [-f] [-h]

DESCRIPTION

       The pts listentries command displays the name and AFS ID of all Protection Database entries of the indicated type. It also displays the AFS
       ID of each entry's owner and creator.

       To display all user and machine entries, either include the -users flag or omit both it and the -groups flag.  To display all group
       entries, include the -groups flag. To display all entries, provide both flags.

OPTIONS

       -users
	   Displays user and machine entries.

       -groups
	   Displays group entries.

       -cell <cell name>
	   Names the cell in which to run the command. For more details, see pts(1).

       -force
	   Enables the command to continue executing as far as possible when errors or other problems occur, rather than halting execution at the
	   first error.

       -help
	   Prints the online help for this command. All other valid options are ignored.

       -localauth
	   Constructs a server ticket using a key from the local /etc/openafs/server/KeyFile file. Do not combine this flag with the -cell or
	   -noauth options. For more details, see pts(1).

       -noauth
	   Assigns the unprivileged identity anonymous to the issuer. For more details, see pts(1).

OUTPUT

       The output includes a line for each entry, with information in four columns that have the following headers:

       Name
	   The entry's name.

       ID  The entry's AFS ID (AFS UID for a user or machine, negative AFS GID for a group).

       Owner
	   The AFS ID of the user or group that owns the entry.

       Creator
	   The AFS ID of the user who created the entry (the system:administrators group is listed as the creator of the entry for "anonymous" and
	   the system groups, but it is not otherwise possible for a group to create groups).

       In general, the entries appear in the order in which they were created.

EXAMPLES

       The following example displays both user and group entries.

	  % pts listentries -users -groups
	  Name				ID  Owner Creator
	  system:administrators       -204   -204    -204
	  system:anyuser	      -101   -204    -204
	  system:authuser	      -102   -204    -204
	  anonymous		     32766   -204    -204
	  admin 			 1   -204   32766
	  pat			       100   -204	1
	  smith 		       101   -204	1
	  pat:friends		      -206    100     100
	  staff 		      -207   -204	1

PRIVILEGE REQUIRED

       The issuer must belong to the system:administrators group.

SEE ALSO

       pts(1), pts_creategroup(1), pts_createuser(1), pts_examine(1)

COPYRIGHT

       IBM Corporation 2000. <http://www.ibm.com/> All Rights Reserved.

       This documentation is covered by the IBM Public License Version 1.0.  It was converted from HTML to POD by software written by Chas
       Williams and Russ Allbery, based on work by Alf Wachsmann and Elizabeth Cassell.

OpenAFS 							    2014-04-08							PTS_LISTENTRIES(1)
All times are GMT -4. The time now is 04:50 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy