I'm operating a couple of server daemons that use UDP to communicate with a large number of clients. How do I find and list out all the active UDP "connections" that are talking to the servers in order to estimate the number of active clients that are connected to the server daemons? I couldn't think of an easy way to do this besides sniffing the packets with tshark or tcpdump and looking at the source IP of UDP packets going to the server daemons, and yes, I know UDP is a connectionless and stateless protocol.
Can anyone recommend a Linux command line tool to monitor the number of bytes transferred between the local server and a specified IP address/port?
The equivalent tcpdump command would be:
tcpdump -s 0 -i any -w mycapture.trc port 80 host google.com
which outputs:
46 packets captured
131 packets received by filter
0 packets dropped by kernel
I'd like something similar that outputs:
54 bytes out, 176 bytes in
I'd like it to work on RHEL and be free/open-source. It would be good if there was an existing tool which I was just missing too!
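One way to get both figures asked for above (the count of recently active UDP peers from the first post, and the per-peer bytes in/out from the second) from an existing capture, as an added example that is not from either poster: it assumes the capture was exported with tshark's -T fields -e frame.time_epoch -e ip.src -e ip.dst -e udp.srcport -e udp.dstport -e frame.len (tab-separated), and the server address, listen port, idle timeout and sample lines below are constructed.

```python
from collections import defaultdict

# Constructed sample of tshark field output (tab-separated):
# time_epoch, ip.src, ip.dst, udp.srcport, udp.dstport, frame.len
SAMPLE = """\
1700000000.10\t203.0.113.5\t192.0.2.10\t40001\t5000\t120
1700000000.50\t192.0.2.10\t203.0.113.5\t5000\t40001\t64
1700000001.00\t203.0.113.6\t192.0.2.10\t40002\t5000\t80
1700000030.00\t203.0.113.7\t192.0.2.10\t40003\t5000\t96
1700000031.00\t203.0.113.5\t192.0.2.10\t40001\t5000\t120
1700000032.00\t192.0.2.10\t203.0.113.7\t5000\t40003\t64
"""

SERVER_IP = "192.0.2.10"  # assumed address of the host running the daemons
SERVER_PORTS = {5000}     # assumed daemon listen port(s)

def parse_records(text):
    """Parse tshark field lines into (time, src, dst, sport, dport, length) tuples."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        t, src, dst, sport, dport, length = line.split("\t")
        records.append((float(t), src, dst, int(sport), int(dport), int(length)))
    return records

def active_clients(records, idle_timeout, now):
    """Distinct (ip, port) peers that sent to a daemon port within idle_timeout of `now`.
    UDP keeps no connection state, so 'active' is approximated by recent inbound traffic."""
    last_seen = defaultdict(float)
    for t, src, dst, sport, dport, _ in records:
        if dst == SERVER_IP and dport in SERVER_PORTS:
            last_seen[(src, sport)] = max(t, last_seen[(src, sport)])
    return {peer for peer, t in last_seen.items() if now - t <= idle_timeout}

def byte_counts(records, peer_ip, peer_port):
    """Bytes sent to ('out') and received from ('in') one peer, as in the second question."""
    out_bytes = in_bytes = 0
    for _, src, dst, sport, dport, length in records:
        if src == SERVER_IP and dst == peer_ip and dport == peer_port:
            out_bytes += length
        elif dst == SERVER_IP and src == peer_ip and sport == peer_port:
            in_bytes += length
    return out_bytes, in_bytes

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(active_clients(recs, idle_timeout=10, now=1700000032.0)), "active clients")
    print("%d bytes out, %d bytes in" % byte_counts(recs, "203.0.113.5", 40001))
```

The idle timeout is the only knob: a peer that has not sent anything for longer than that is no longer counted, which is the best a capture can do for a protocol without sessions.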
Wireshark | Windows
I want to search a packet capture of SMTP traffic for specific addresses/messages. Normally, I just sort the info column and browse but it would be nice if I could just run a search or filter for the specific string I'm looking for.
Is there a way to do this in Wireshark?
I'm looking for an easy way to follow a packet through the iptables rules. This is not so much about logging, because I don't want to log all traffic (and I only want to have LOG targets for very few rules).
Something like Wireshark for Iptables. Or maybe even something similar to a debugger for a programming language.
Thanks Chris
Note: It doesn't have to be a fancy GUI tool. But it must do more than just showing a package counter or so.
Update: It almost looks as if we can't find anything that provides the functionality that is asked for. In that case: Let's at least find a good technique that's based on iptables logging - which can be easily turned on and off, and doesn't require writing iptables rules redundantly (having to write the same rule for -j LOG and -j ...).
I'm trying to monitor some web traffic using Wireshark. Our web proxy is on port 9191. How can I get the Wireshark view to treat port 9191 just like port 80, i.e. as HTTP?
Just using Decode_As on the menu seems to allow half the conversation but only one side.
Any suggestions how to make this a permanent option?