how can tell tcpdump to not include the port numbers in the output? Right now it includes the resolved IP + resolved port. I just need the resolved IP address (hostnames)
I'm running a KVM instance inside of OpenStack, and it isn't getting an IP address from the DHCP server.
Using tcpdump, I can see the request and reply packets on vnet0 of the compute host:
# tcpdump -i vnet0 -n port 67 or port 68
tcpdump: WARNING: vnet0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vnet0, link-type EN10MB (Ethe
tcpdump -v src host <IP address> and port <port number> >>out.txt 2>>err.txt -w capture.cap
on multiple IP-s while the other parts of the script initiates some traffic in the background.
We want check if packets are coming back to us, and examine manually only those cases when we receive packages.
Can I use tcpdump to detect Aborted connections on port 80 (Apache) originating from a specific IP (my remote IP). I can reproduce the Aborted connection in my web browser, but I have no way to verify if the request is getting to my server. I tried this, but couldn't really tell if a connection was Aborted.
tcpdump -n -i eth0 -s 0 src or dst port 80|grep -F "XXX.XXX.XXX.XXX"