9 More Discussions You Might Find Interesting
1. IP Networking
I've recently started learning to use TCPdump, and I find it pretty interesting. There's one thing I don't understand. When I tell it to capture packets on, say, the WiFi interface en1, it often captures packets sent or received by other hosts on the network. How can it do this? My... (3 Replies)
Discussion started by: Ultrix
3 Replies
2. Cybersecurity
Hello everyone, so I'm getting this tcpdump, and it looks like..quite a mess... Can anyone decipher this? I can tell that one IP is requesting DNS info? but I'm having trouble finding out what some of the fields actually mean..
19:44:50.707637 IP 66.81.1.252.53 > 64.147.113.139.28638: 52313... (4 Replies)
Discussion started by: Lost in Cyberia
4 Replies
3. Debian
Hi.
Need Help with TcpDump
Trying to sniff associatio-request with tcpdump but when i run this tcpdump -i eth0 wlan subtype assoc-req i get this error
can anyone help me with this error ? Thanks alot !!:) (1 Reply)
Discussion started by: SoulZB
1 Replies
4. IP Networking
i would like to know about tcpdump
i would like to use tcpdump to get information about these
- Date
- time
- source hostname
- source mac address
- source ip address
- destination ip address
- see outbound only
then i use command like this
tcpdump -i le0 -n -q -tttt -e src net... (2 Replies)
Discussion started by: chamnanpol
2 Replies
5. Cybersecurity
i would like to know about tcpdump
i would like to use tcpdump to get information about these
- Date
- time
- source hostname
- source mac address
- source ip address
- destination ip address
- see outbound only
then i use command like this
tcpdump -i le0 -n -q -tttt -e src net... (0 Replies)
Discussion started by: chamnanpol
0 Replies
6. IP Networking
Hi, I got the following question regarding tcpdump and I would appreciate your help/feedback:
--Scenario
I am instructed to capture the network traffic by getting the tcpdump data/files of our network for every hour.
--Problem
Some of the connections are still open when the capture is done... (1 Reply)
Discussion started by: jinsunnyvale
1 Replies
7. Shell Programming and Scripting
I wrote a short BASH script to run tcpdump and save the output to a log file for when I'm away from my desk. The script runs fine normally, but fails to start in cron. Any ideas?
#!/bin/bash
today=`date +%Y%m%d`
tcpdump -i eth0 -s 1500 -w ${today}.cap &
exit (5 Replies)
Discussion started by: paulzeromi
5 Replies
8. UNIX for Dummies Questions & Answers
does anybody know what the -d -dd and -ddd options are used for ?
thanks (2 Replies)
Discussion started by: ant04
2 Replies
9. Programming
I have two net-card. one is 172.16.24.99(ENG) ,another is 172.16.25.99(ENG-B). Both masks is 255.255.255.0.
I will monitor data on the tcp port 8055 in ENG, How do I set option of tcpdump command (2 Replies)
Discussion started by: chenhao_no1
2 Replies
ENC(4) BSD Kernel Interfaces Manual ENC(4)
NAME
enc -- Encapsulating Interface
SYNOPSIS
To compile this driver into the kernel, place the following line in your kernel configuration file:
device enc
DESCRIPTION
The enc interface is a software loopback mechanism that allows hosts or firewalls to filter ipsec(4) traffic using any firewall package that
hooks in via the pfil(9) framework.
The enc interface allows an administrator to see incoming and outgoing packets before and after they will be or have been processed by
ipsec(4) via tcpdump(1).
The ``enc0'' interface inherits all IPsec traffic. Thus all IPsec traffic can be filtered based on ``enc0'', and all IPsec traffic could be
seen by invoking tcpdump(1) on the ``enc0'' interface.
What can be seen with tcpdump(1) and what will be passed on to the firewalls via the pfil(9) framework can be independently controlled using
the following sysctl(8) variables:
Name Defaults Suggested
net.enc.out.ipsec_bpf_mask 0x00000003 0x00000001
net.enc.out.ipsec_filter_mask 0x00000001 0x00000001
net.enc.in.ipsec_bpf_mask 0x00000001 0x00000002
net.enc.in.ipsec_filter_mask 0x00000001 0x00000002
For the incoming path a value of 0x1 means ``before stripping off the outer header'' and 0x2 means ``after stripping off the outer header''.
For the outgoing path 0x1 means ``with only the inner header'' and 0x2 means ``with outer and inner headers''.
incoming path |------|
---- IPsec processing ---- (before) ---- (after) ----> | |
| Host |
<--- IPsec processing ---- (after) ----- (before) ---- | |
outgoing path |------|
Most people will want to run with the suggested defaults for ipsec_filter_mask and rely on the security policy database for the outer head-
ers.
EXAMPLES
To see the packets the processed via ipsec(4), adjust the sysctl(8) variables according to your need and run:
tcpdump -i enc0
SEE ALSO
tcpdump(1), bpf(4), ipf(4), ipfw(4), ipsec(4), pf(4), tcpdump(8)
BSD
November 28, 2007 BSD