dokucama

User Tools

Site Tools

Trace: tcpdump haproxy
network_stuff:tcpdump

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
network_stuff:tcpdump [2022/03/31 14:15] jotasandokunetwork_stuff:tcpdump [2023/11/02 14:38] (current) – external edit 127.0.0.1
Line 1: Line 1:
 **__TCPDUMP NOTES__** \\ **__TCPDUMP NOTES__** \\
 +[[https://softbackbone.duckdns.org/doku.php?id=network_stuff:tcpnotes|tcp_notes]]\\
 To write the tcpdump output in pcap format. If we Add capital W, that means rotate: To write the tcpdump output in pcap format. If we Add capital W, that means rotate:
   tcpdump -ni eth0 -s0 -w /var/tmp/capture.pcap   tcpdump -ni eth0 -s0 -w /var/tmp/capture.pcap
   tcpdump -ni eth0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K    # 48 files, either every 1800 seconds (=30 minutes) or every 100 MB, -K don't verify checksum   tcpdump -ni eth0 -w /var/tmp/trace -W 48 -G 1800 -C 100 -K    # 48 files, either every 1800 seconds (=30 minutes) or every 100 MB, -K don't verify checksum
   tcpdump -nni bond1 -w /var/tmp/trace -W 1 -G 20 -C 100 -K   tcpdump -nni bond1 -w /var/tmp/trace -W 1 -G 20 -C 100 -K
 +  tcpdump -e -r sflow_2022_new.pcap   # to read an existing pcap (remove -e if not interested in ethernet headers)
  
 After capture, transfer example:  After capture, transfer example: 
Line 24: Line 25:
   tcpdump -nni any portrange 60000-60100   tcpdump -nni any portrange 60000-60100
   tcpdump -vv -e -nni any ether proto 0x8809   # LACP   tcpdump -vv -e -nni any ether proto 0x8809   # LACP
 +  tcpdump -n -i eth0 -A -x dst port 443 and greater 100  # packet lenght
  
  
Line 93: Line 95:
  
 ---- ----
- +**LIBCAP RELATED UTILITIES** 
 +\\ 
 +  tcprewrite -C --dlt=enet --enet-smac=3a:85:a1:b3:c3:84 --enet-dmac=c2:54:cb:f2:ee:c8  -i sflow_2022_new.pcap -o rwsflow_2022_new.pcap   # this is needed when the pcap we received is linux cooked (sometimes they miss the dst mac address so we add a dummy one 
 +  tcprewrite -C --dstipmap=192.168.97.255/32:10.100.10.142/32 -i rwsflow_2022_new.pcap -o rwrwsflow_2022_new.pcap 
 +  tcpreplay -i eth0 --loop 0 xxx.pcap    
 +[[https://gist.github.com/niranjan-nagaraju/4532037]]
network_stuff/tcpdump.1648736136.txt.gz · Last modified: (external edit)

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki