In the process of debugging a Python IRC bot that can't seem to connect, I thought "I know, I'll just tcpdump it and see what it's doing." So I ran tcpdump like I usually do and it says it's captured packets, but doesn't actually write the cap file.
akraut@lance ~/pcaps $ sudo tcpdump -w pyhole -s 0 "port 6667"
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C17
Hello,
I detect these errors in my logs:
Socket timeout calling url [http://server:port/bla/soap/selfcare/infoRapide]
Unable to make proxyRequest
I've made a tcpdump capture this way:
Code:
tcpdump -i eth0 -s 0 -w /app/captura.pcap port 8080
But I'm fairly new to reading .pcap files with Wireshark... too much info for me.
When I use tcpdump on CentOS 6, I get a permission denied error even when I am root. My command is like this:
sudo tcpdump -i eth0 -G 10 -w test.dmp port 80
I have tried with -Z root or -Z my_username but no luck:
sudo tcpdump -i eth0 -Z root -G 10 -w test.dmp port 80
sudo tcpdump -i eth0 -Z myuser_name -G 10 -w test.dmp port 80
Does anybody know how to make it work?
Hi,
I have a Linux server in a network with a hardware firewall device with IP 192.168.1.1 in front.
We have the domain http://t.exaple.com which resolves to 192.168.1.10.
My admin has blocked ping to 192.168.1.10.
Now, using tcpdump, how do I check if I am receiving the traffic or not?
Could somebody post the command and describe how to analyse the dump results?
Hi,
Simply, I clicked on a link in an email masquerading as my IP. The next page was a 404 error page that obviously wasn't from them. I did no more and called my IP and was told the email wasn't from them and that it may be malware. I ran ClamAV, and it found nothing suspicious.
Why does the following command not grab the packets to the Facebook site
sudo tcpdump host facebook.com and dst port 443
but the next one does?
sudo tcpdump host java.com
Hi
I need to write a program that would take the output file of tcpdump and print its content to stdout in hex form. After that I have to do some analysing, like whether the communication is SSH, FTP, HTTP..., the Ethernet type, etc.
I don't want the entire code but some hint or explanation of how it works and how I should do it.
On second thought, maybe a little code fragment would be nice to see ;)
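As an added illustration of the kind of program asked for above (not code from any of the posters), the script below reads the classic pcap format that tcpdump -w produces, hex-dumps each frame, classifies it by EtherType, IP protocol number and well-known port, and sums on-the-wire bytes per IPv4 address, which is the quantity the later "450 MB" question is really about. The port-to-service map and the embedded one-packet capture are constructed for the example; a real file would be passed to parse_pcap as its bytes.

```python
import struct
PORT_SERVICES = {21: "FTP", 22: "SSH", 80: "HTTP", 443: "HTTPS", 6667: "IRC"}  # port-based guess only

def build_sample_pcap():  # constructed sample: little-endian pcap, Ethernet link type, one IPv4/TCP frame
    payload = b"SSH-2.0-OpenSSH_8.9\r\n"
    tcp = struct.pack("!HHIIBBHHH", 54321, 22, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([10, 0, 0, 5]))
    frame = b"\xaa" * 6 + b"\xbb" * 6 + struct.pack("!H", 0x0800) + ip + tcp + payload
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))  # incl_len == orig_len with -s 0
    return global_hdr + record_hdr + frame

def parse_pcap(data):
    """Yield (orig_len, frame) per record; the magic number fixes the header byte order."""
    endian = "<" if data[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    offset = 24  # skip the 24-byte global header
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        offset += 16
        yield orig_len, data[offset:offset + incl_len]
        offset += incl_len

def describe_frame(frame):
    """Classify one Ethernet frame by EtherType, IP protocol number and well-known port."""
    info = {"ethertype": struct.unpack("!H", frame[12:14])[0], "service": "non-IP"}
    if info["ethertype"] != 0x0800:
        return info
    ihl = (frame[14] & 0x0F) * 4  # IPv4 header length in bytes
    info.update(proto=frame[23], src=".".join(map(str, frame[26:30])),
                dst=".".join(map(str, frame[30:34])), service="other")
    if info["proto"] in (6, 17):  # TCP or UDP: ports are the first 4 bytes of the L4 header
        sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
        info["service"] = PORT_SERVICES.get(dport, PORT_SERVICES.get(sport, "unknown"))
    return info

def hexdump(data, width=16):
    """Hex plus printable-ASCII lines, in the style of tcpdump -X."""
    return [f"{i:08x}  " + " ".join(f"{b:02x}" for b in data[i:i + width]).ljust(width * 3)
            + " " + "".join(chr(b) if 32 <= b < 127 else "." for b in data[i:i + width])
            for i in range(0, len(data), width)]

def bytes_per_host(data):
    """Wire bytes per IPv4 address (sent plus received), summed from orig_len, not file size."""
    totals = {}
    for orig_len, frame in parse_pcap(data):
        info = describe_frame(frame)
        for host in filter(None, (info.get("src"), info.get("dst"))):
            totals[host] = totals.get(host, 0) + orig_len
    return totals
```

Because bytes_per_host sums orig_len rather than the file size, it stays correct even when a capture was taken with a snaplen that truncated packets, in which case the .pcap on disk is smaller than the traffic it recorded.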
Hi, I'm writing a script,
in the script I need to use tcpdump to capture some packets,
however it needs root privilege.
My computer is configured by school and I have no real root privilege,
so I can't use sudo on my computer, like
Code:
sudo tcpdump ......
I created a tcpdump file:
tcpdump -i eth0 host xxx.208.xxx.59 -n -s 0 -vvv -w /tmp/dump.dmp
The duration was about 3 hours.
This file is now 450 MB. Can I say now that the IP xxx.208.xxx.59 generated 450 MB of traffic in 3 hours?