Full Discussion: TCPdump
Special Forums IP Networking TCPdump Post 302951385 by gwillie on Wednesday 5th of August 2015 09:56:01 PM
Old 08-05-2015
In order to know a packet is not for it, it reads the destination MAC address in the frame. You are in promiscuous mode, so the interface will accept all frames regardless of destination, reconstitute to a packet and send to the CPU.
 

FAIFA(8)                          User manual                          FAIFA(8)

NAME
       faifa - configure HomePlug 1.0/AV devices

SYNOPSIS
       faifa [OPTIONS]

       -i  specify network interface to use
       -m  show the menu asking for known MM types
       -a  destination MAC address to send frames to
       -k  network key to set
       -v  be verbose (default: no)
       -e  set error stream (default: stderr)
       -o  set output stream (default: stdout)
       -s  set input stream (default: stdin)
       -h  show the usage

DESCRIPTION
       faifa can configure any Intellon-based PowerLine Communication device
       using the Intellon INT5000 and INT6000 HomePlug AV (200Mbits) chips.
       It supports all Intellon-specific management and control frames.

MENU COMMANDS
       -i  specify network interface to use
       -m  show the menu asking for known MM types
       -a  destination MAC address to send frames to
       -k  network key to set
       -v  be verbose (default: no)
       -e  set error stream (default: stderr)
       -o  set output stream (default: stdout)
       -s  set input stream (default: stdin)
       -h  show the usage

   HomePlug AV protocol
       The HomePlug AV protocol was developed by Intellon and specifies how
       the powerline PHY layer and HPAV MAC layer can converge to allow
       Ethernet frames to be sent on the medium. It handles all the low-level
       modulation and constellation building plus the Medium Access Control
       handling between devices.

       The HomePlug AV network topology consists of one coordinator (called
       CCo) for a given logical HPAV network (i.e. with the same Network
       Encryption Key) and none or several stations (called STAs). Other
       devices can have a specific role, which is a bridge between several
       logical networks.

              ------------------------------------
              |           HomePlug PHY           |
              ------------------------------------
              |  HomePlug MAC convergence layer  |
              ------------------------------------
              |        Ethernet MAC layer        |
              ------------------------------------

       It is possible to configure the HPAV MAC convergence layer by using
       specific Ethernet frames with the 0x88e1 Ethertype. Such frames will be
       interpreted by the Intellon controller present in the devices and are
       known as control or management frames. Such frames can be either
       protocol specific (i.e. common to all HPAV implementations) or vendor
       specific. There is no convention to specify whether an HPAV
       configuration and management frame is vendor specific or not. Most
       implementations will share a common format for basic network operations
       like setting the Network Management Key or the Encryption Key.

       A HomePlug AV management frame is described below:

                  8 bits                 16 bits
              ---------------------------------------------------
              |  MM version  |            MM type               |
              ---------------------------------------------------
              |                  OUI (24 bits)                  |
              ---------------------------------------------------
              |                  Payload (var)                  |
              ---------------------------------------------------

       The payload is highly dependent on the implementation, though most
       vendors will try to define a common template for it. Such management
       frames should be encapsulated in standard Ethernet frames with the
       0x88e1 ethertype.

   Faifa operations
       Faifa basically performs 3 main operations:

       - send all vendor and protocol specific frames with the corresponding
         parameters
       - dump all vendor and HomePlug 1.0/AV frames with the appropriate frame
         parsing
       - discover the HPAV network topology

       The available vendor specific operations are stored in an array of
       struct hpav_frame_ops. For each entry the mmtype and the description
       are specified, with possible callbacks to handle frame initialization
       and the dump function.

   Using the faifa library
       Faifa is also provided as a shared library (so file) and a static
       library so that you can link programs with it to send HomePlug AV
       frames. The library allows you, by specifying a given mmtype, to send
       the corresponding HPAV frame to a given device.

   Linking with faifa
       You should include faifa.h in your C source file; you can then directly
       call the functions provided by the faifa library. When linking with the
       faifa library, make sure your linker flags include "-lfaifa" or the
       absolute path of the shared object so that your program links
       successfully.

   Sending frames using do_frame
       The main function you want to call is do_frame, passing it the MMtype
       and the destination MAC address you want to send the frame to.

       This function will:

       - look up the mmtype by reading the array containing available frame
         operations
       - initialize the frame header (MM version, type, source and destination
         MAC addresses)
       - call the initialisation function (if needed) to let the user input
         the parameters (or any other input method)
       - calculate the appropriate frame size
       - send it to the device
       - close the network socket descriptor

       This function propagates the return code from the write command on the
       socket descriptor.

   Receiving frames using do_receive_frame
       This function will listen for received frames on the specified
       interface and will:

       - check that the ethertype is set to 0x88e1, otherwise it will discard
         the frame
       - cast the received packet to an HPAV management frame structure
       - look up the received MM type in the arrays of known
         responses/indications
       - call the frame parsing function (based on the mmtype) accordingly

       You will probably want to set the network descriptor to non-blocking
       read mode. Faifa uses this function with a call to a pcap_loop method
       inside a dedicated thread to receive all frames.

SEE ALSO
       ifconfig(8)

AUTHORS
       Florian Fainelli <florian@openwrt.org>, Xavier Carcelle
       <xavier.carcelle@gmail.com>, Nicolas Thill <nico@openwrt.org>

Linux                              April 2011                          FAIFA(8)
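
The management frame layout and the first two checks listed for do_receive_frame, as an added example that is not taken from the faifa sources or written by the manual page's authors: a bounds-checked C parser that validates the 0x88e1 ethertype and length before reading the header fields. The struct and function names are hypothetical, the little-endian byte order of MM type is an assumption the page does not state, and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN     14      /* dst MAC (6) + src MAC (6) + ethertype (2) */
#define ETHERTYPE_HPAV  0x88e1  /* ethertype given in the manual page */
#define HPAV_HDR_LEN    6       /* MM version (1) + MM type (2) + OUI (3) */

struct hpav_mme {               /* hypothetical name, not faifa's own struct */
    uint8_t  dst[6], src[6];
    uint8_t  mm_version;
    uint16_t mm_type;
    uint8_t  oui[3];
    const uint8_t *payload;     /* points into the caller's buffer */
    size_t   payload_len;
};

/* Returns 0 on success, -1 if truncated, -2 if the ethertype is not 0x88e1. */
int hpav_parse(const uint8_t *buf, size_t len, struct hpav_mme *out)
{
    if (buf == NULL || out == NULL || len < ETH_HDR_LEN)
        return -1;
    /* The ethertype is big-endian on the wire. */
    uint16_t ethertype = (uint16_t)((buf[12] << 8) | buf[13]);
    if (ethertype != ETHERTYPE_HPAV)
        return -2;              /* discard, as do_receive_frame is described */
    if (len < ETH_HDR_LEN + HPAV_HDR_LEN)
        return -1;              /* never read a header that is not there */
    memcpy(out->dst, buf, 6);
    memcpy(out->src, buf + 6, 6);
    const uint8_t *p = buf + ETH_HDR_LEN;
    out->mm_version = p[0];
    /* Assumption: MM type is little-endian on the wire. */
    out->mm_type = (uint16_t)(p[1] | (p[2] << 8));
    memcpy(out->oui, p + 3, 3);
    out->payload = p + HPAV_HDR_LEN;
    out->payload_len = len - ETH_HDR_LEN - HPAV_HDR_LEN;
    return 0;
}

/* Constructed sample frame (not captured traffic): broadcast destination,
 * made-up source MAC, ethertype 0x88e1, MM version 0, MM type bytes 00 a0,
 * OUI bytes 00 b0 52, two payload bytes. */
static const uint8_t sample_frame[] = {
    0xff,0xff,0xff,0xff,0xff,0xff, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x88,0xe1, 0x00, 0x00,0xa0, 0x00,0xb0,0x52, 0xde,0xad
};
```

The parser does not handle 802.1Q-tagged frames, where the ethertype sits four bytes later.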