|
|
Sponsored Content
Special Forums
Cybersecurity
How to decipher tcpdump file
Post 61809 by Neo on Wednesday 9th of February 2005 12:41:05 AM
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
I have a file on a linux box with the extension .gz thats supposed to be a gzip file. when i use gzip -d filename
it gives me squares and triangles and you know garbarge. Its a 900 meg file. Is there someway to decode the file and where could I store a 900 meg file for free???? I am going to... (8 Replies)
Discussion started by: pydyer
8 Replies
2. UNIX for Dummies Questions & Answers
I've got a really weird situation here.... the same IP address keeps popping up in porn spam that I have rec'd in 2 different email accts. It looks to me like it's coming from UC Davis, and I suspect someone there, so I am hoping you all can verify the same thing before I call the person on this... (0 Replies)
Discussion started by: christinef
0 Replies
3. Shell Programming and Scripting
Greetings, I just started using scripting languages,
im trying to get a tcpdump in a file, change the
file name every 5mins ... this is what i have but its
not working ... any suggestions?
#!/bin/bash
# timeout.sh
#timestamp format
TIMESTAMP=`date -u "+%Y%m%dT%H%M%S"`
#tdump =`tcpdump... (3 Replies)
Discussion started by: livewire
3 Replies
4. HP-UX
hi,
if I do top, I get
Memory: 19277012K (5868296K) real, 33860312K (11294208K) virtual, 795392K free
If I do swapinfo -tm I get:
% swapinfo -tm
Mb Mb Mb PCT
TYPE AVAIL USED FREE USED
dev 16384 0 16383 0%
dev ... (3 Replies)
Discussion started by: JamesByars
3 Replies
5. IP Networking
I am trying to capture tcpdump for traffic to a port in a file but this does not seem to capture all the packets. Command I use is :
tcpdump -w tdump.dat port 22
Why is it not capturing all the packets ?
Here is my experiment:
root@pmode-client6 adc-demo]# tcpdump port 22
tcpdump:... (5 Replies)
Discussion started by: radiatejava
5 Replies
6. Shell Programming and Scripting
Hi Guys,
I am running solaris and I need help in deciphering the following commands:
dir_t1=`echo $0|nawk -F'/' '{print NF}'`
dir_t2=`expr $dir_t1- 1`
dir_t3=`echo $0|cut -d'/' -f1-$dir_t2`
export dir_t2
What will be the value for dir_t3?
Please help !!!!!!!!!!!!!!! (5 Replies)
Discussion started by: Phuti
5 Replies
7. Shell Programming and Scripting
Guys,
I am going through an existing code in production and found the following lines. I have used "sed" before but am unable to decipher the following statement. :(
echo ${F_NAME} | sed 's/\(.*\)............/\1/'
Any help is greatly appreciated.
Cheers,
Sid (6 Replies)
Discussion started by: sid1982
6 Replies
8. UNIX for Advanced & Expert Users
Two question here, but it's only one on the protocol point of view.
If two persons use the same key to connect to a SSH server is there a risk they can decipher the other tunnel. In other terms is that less safe than if they have two separate keys.
Same question if two persons use the same user... (2 Replies)
Discussion started by: moi
2 Replies
9. Shell Programming and Scripting
ssh-add -t 30 >/dev/null 2>&1
LOGNAME=`whoami`
cp $HOME/.ssh/known_hosts $HOME/.ssh/known_hosts.org grep -v localhost
$HOME/.ssh/known_hosts.org > $HOME/.ssh/known_hosts
ssh -1 -f -l $LOGNAME -o "ForwardX11 yes" -o "StrictHostKeyChecking no"
-L 6003:1.1.1.1:2222 ext-proxy-2 sleep 5... (1 Reply)
Discussion started by: llcooljatt
1 Replies
10. SuSE
ssh-add -t 30 >/dev/null 2>&1
LOGNAME=`whoami`
cp $HOME/.ssh/known_hosts $HOME/.ssh/known_hosts.org
grep -v localhost $HOME/.ssh/known_hosts.org > $HOME/.ssh/known_hosts
ssh -1 -f -l $LOGNAME -o "ForwardX11 yes" -o "StrictHostKeyChecking no" -L 6003:195.244.210.107:2222 ext-proxy-2 sleep 5... (7 Replies)
Discussion started by: llcooljatt
7 Replies
LEARN ABOUT DEBIAN
if_enc
ENC(4) BSD Kernel Interfaces Manual ENC(4) NAME
enc -- Encapsulating Interface SYNOPSIS
To compile this driver into the kernel, place the following line in your kernel configuration file: device enc DESCRIPTION
The enc interface is a software loopback mechanism that allows hosts or firewalls to filter ipsec(4) traffic using any firewall package that hooks in via the pfil(9) framework. The enc interface allows an administrator to see incoming and outgoing packets before and after they will be or have been processed by ipsec(4) via tcpdump(1). The ``enc0'' interface inherits all IPsec traffic. Thus all IPsec traffic can be filtered based on ``enc0'', and all IPsec traffic could be seen by invoking tcpdump(1) on the ``enc0'' interface. What can be seen with tcpdump(1) and what will be passed on to the firewalls via the pfil(9) framework can be independently controlled using the following sysctl(8) variables: Name Defaults Suggested net.enc.out.ipsec_bpf_mask 0x00000003 0x00000001 net.enc.out.ipsec_filter_mask 0x00000001 0x00000001 net.enc.in.ipsec_bpf_mask 0x00000001 0x00000002 net.enc.in.ipsec_filter_mask 0x00000001 0x00000002 For the incoming path a value of 0x1 means ``before stripping off the outer header'' and 0x2 means ``after stripping off the outer header''. For the outgoing path 0x1 means ``with only the inner header'' and 0x2 means ``with outer and inner headers''. incoming path |------| ---- IPsec processing ---- (before) ---- (after) ----> | | | Host | <--- IPsec processing ---- (after) ----- (before) ---- | | outgoing path |------| Most people will want to run with the suggested defaults for ipsec_filter_mask and rely on the security policy database for the outer head- ers. EXAMPLES
To see the packets the processed via ipsec(4), adjust the sysctl(8) variables according to your need and run: tcpdump -i enc0 SEE ALSO
tcpdump(1), bpf(4), ipf(4), ipfw(4), ipsec(4), pf(4), tcpdump(8) BSD
November 28, 2007 BSD