I am using windows 10 bash to use tcpdump
From tutorial i found that to listen to a interface command is:
tcpdump -i eth0 //eth0 is ethernet interface
tcpdump -i any // to listen to any interface
In both cases I am getting tcpdump: socket: Invalid argument error.
NOTE:
tcpdump -D
does not print anything on console.
Based on https://github.com/Microsoft/WSL/issues/69, this is a limitation of the current Windows Subsystem for Linux. The Fall Creators update added a lot of functionality, but tcpdump still does not work.
Try nmap. It will output a page of errors but eventually works.
sudo nmap -sP 192.168.1.0/24
WSL, while utilizing Linux, is not a "true" Linux based operating system yet.
Related
OS: Ubuntu14.04 64 bit
I have a strange problem occuring on machines with Nvidia cards running Ubuntu 14.04 64 bit.
The mount command works when using the IP address but fails when using the host name
Not-working command :
sudo -S mount -t cifs //share.test.com/LAB/Testing/Path1/Path2/Requisite/ -o username=blabla,password=blabla /mnt/src_shar_lnx
the error being
mount: wrong fs type, bad option, bad superblock on //share.test.com/LAB/Testing/Path1/Path2/Requisite/ ,
missing codepage or helper program, or other error
(for several filesystems (e.g. nfs, cifs) you might
need a /sbin/mount.<type> helper program)
In some cases useful info is found in syslog - try
dmesg | tail or so
The above command works seamlessly on other machines without Nvidia cards.
Working command:
sudo -S mount -t cifs //192.168.200.1/LAB/Testing/Path1/Path2/Requisite/ -o username=blabla,password=blabla /mnt/src_shar_lnx
Resolved.
installing cifs-utils solved the problem
I'm piping from a RawCap-generated dump file to Wireshark in order to monitor local traffic, how can I instruct wireshark to only show traffic to a certain destination port?
I'm running RawCap in one Cygwin shell, and Wireshark in another to monitor RawCap's output:
Shell 1:
RawCap.exe -f 127.0.0.1 dumpfile.pcap
Shell 2:
# How do I tell Wireshark to show only traffic to port 10000?
tail -c +0 -f dumpfile.pcap | Wireshark.exe -k -i -
The appropriate flag for instructing wireshark to filter the displayed packets is -Y, as its man page reports:
-Y <display filter> start with the given display filter
For filtering the destination port of TCP, use tcp.dstport==X where X specifies the port.
Therefore, the full command is:
tail -c +0 -f dumpfile.pcap | wireshark -k -i - -Y "tcp.dstport==10000"
This is a good starting point for information on display filters. A full reference on the subject is available here and a detailed explanation of its syntax is available here. However, it's worth noting that most basic filters can be found via a simple online search.
I'm trying to use wireshark, my OS is debian, but when i want to have a capture it doesn't work , and i get this message: There are no interfaces on which a capture can be done.
NB: ~ I do have connected interfaces.
~If I try to run wireshark using a shell as root i get: No protocol specified
(wireshark:4515): Gtk-WARNING **: cannot open display: :0
So what's the problem?
thanks for yur replies
my OS is debian
sudo dpkg-reconfigure wireshark-common
sudo usermod -a -G wireshark $USER
and then log out and log back in again.
A HTTP request is coming your way, hitting your machine on a port( assumed that you know the request url/route and the port)
what is a simple and quick tool which helps you watch its headers, parameters being passed, using any language, or any tiny web server proxy, any tool.
Being a ruby/rails guy, I quickly created a rails app, set its routes, ran it, and simply followed its logs.
Curious to know how other web app developers deal with this.
I use WireShark and it is very easy and configurable.
If you use debian or derivates:
sudo apt-get install wireshark
else:
http://www.wireshark.org/docs/wsug_html_chunked/ChapterBuildInstall.html
I'd do this with tcpdump. See the man page. There is also a version for windows.
edit
here's the requested example: tcpdump port 80 (yes, it's that simple). Run it with sudo or as root, otherwise you'll get no suitable device found.
If you need more verbose output, add -v or -vv.
Here is how to use wireshark on a Debian-derived GNU/Linux distro:
$ sudo apt-get install wireshark wireshark-doc
$ sudo dumpcap -i eth0
Ctrl+C
$ sudo chmod 644 /tmp/wireshark_pcapng_eth0...
$ wireshark /tmp/wireshark_pcapng_eth0...
How can I check, how many connections are established for example on port 80 and then write it to the file using bash console?
I've read that netstat can do this, but I can not find , what exactly should I do with that, as I'm newbie on "Unix" systems.
You probably want sockstat if you're on FreeBSD:
sockstat -c -L -P tcp -p 80