Tcpdump - measure for a fixed amount of time - tcp

Is it possible to specify the time for how long tcpdump should measure the received and sent packets?
I know that the command
tcpdump -c 100
specifies that tcpdump should stop after it received 10 packets. I would like to specify that tcpdump stops after, for example, 5 minutes.

You can use -G (rotate the dump file every x seconds) + -W (number of files to rotate):
tcpdump -G 300 -W 1 -w file.dump

Related

DoS attack using iperf in the network

I would like to do a TCP DoS attack using iperf in my simulated network. (I use mininet). The only code that I could find is the following command for making UDP burst traffic in my network which is not relevant.
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200
Please let me know if there is a better code to do the TCP DoS attack using iperf, or even if there is any other code or approach to make TCP traffic as an attack.
Thanks in advance.
The only thing I could do was to add the number of iperf tx from the attacker using threads. In this way, it sends packets in parallel to the server. So, I used the following code:
(host1: 10.0.0.1) iperf -s
(host2: 10.0.0.2) iperf -c 10.0.0.1 -b 30M -l 1200 -P 6
If you want to send UDP flooding, then you must use the -u switch on the server command:
iperf -s -u
On the client side, using your specification, it will be:
iperf -c 10.0.0.1 -t 200 -l 1200 -P 6
iperf is suitable for bandwidth testing. If you want to do a DDoS attack, please try hping3 or dperf.

DirectShow stream using ffmpeg point to point streaming through TCP protocol

I had set up a point-to-point stream using ffmpeg via UDP protocol and the stream worked, but there was screen tearing etc. I already tried raising the buffer size, but it did not help. This is a work network, so the UDP protocol won't work.
Here is the full command:
ffmpeg -f dshow -i video="UScreenCapture" -r 30 -vcodec mpeg4 -q 12 -f mpegts udp://192.168.1.220:1234?pkt_size=188?buffer_size=65535
I've tried to make this work with TCP with no success.
Here's what I've got now:
ffmpeg -f dshow -i video="UScreenCapture" -f mpegts tcp://192.168.1.194:5555
This returns an error:
real-time buffer [UScreenCapture] [Video input] too full or near too
full <323% of size: 3041280 [rtbufsize parameter]>! frame dropped!
This last message repeated xxxx times (it went up to around 1400 and I just turned it off).
I've tried to implement the -rtbufsize parameter and raising the buffer size up to 800000000; it didn't help.
I would appreciate any suggestions on how to solve this.

How does MPlayer recognize an MJPEG stream?

Since MJPEG over HTTP consists basically of the transmission of a series of JPEG images separated by a defined separator, how does MPlayer recognize that it is an MJPEG stream?
Thank you
Have a look at:
MplayerMjpegStreamViewing < Motion < Foswiki
e.g.
mplayer -fps 4 -demuxer lavf http://rpi-6:8080/?action=stream
does the job for me. Suitable for a streaming server running on a Raspberry like this:
/usr/local/bin/mjpg_streamer -o output_http.so -w ./www -i input_raspicam.so -x 1920 -y 1440 -fps 3 -hf -vf

How can I stop iperf server when it finishes?

Once the client finishes, the process is automatically closed. I would like to do the same thing on the server side, because I want to automate some processes, but the server side finishes and remains open.
In iperf3, you can just give the -1 parameter and it will close automatically. It only accepts one connection and it will exit when that is finished.
Example:
% iperf3 -s -B 192.168.20.10 -p 70011 -1
I think it depends on the version. I can speak for iperf 2, where we recently added this capability. When the server is launched there will ultimately be two threads per "server": a listener thread and a traffic (receiver/server) thread. So -t does a few things: it sets the listener thread timeout and the traffic threads' times. The listener thread is the parent of the traffic thread, so it must wait for the traffic threads to complete before it can terminate.
Example: Let's say one issues iperf -s -t 30, which will keep the listener around for 30 seconds. If no clients present themselves within 30 seconds, the "server" terminates after 30 seconds. But if 20 seconds after the iperf -s -t 30 a client connects, e.g. iperf -c <server> -t 30, then the listener/server will stay around for 20 + 30 seconds before terminating. (Note: The client's -t <value> isn't passed to the server, so the server's -t needs to be equal to or greater than the client's -t.)
On the server side of iperf there is no -t option for time limiting. You can use the -P option for limiting the incoming clients.
For example, if you run the iperf -s -P 1 command, after the client finishes the test, the server shuts itself down.
Use the iperf option -t so that it stops after t seconds. The default iperf client timeout is 10 seconds, so it stops after that.
Try this; here both will stop after 10 seconds.
Server: iperf -s -t 10
Client: iperf -c <ipaddress> -t 10
Start it in the background, wait until it's complete, and then kill it.
iperf -s -w 2Mb -p 5001 &
sleep 20
pkill iperf

How to save to file all the syn packets?

I need to have some statistics (for test purposes) on SYN packets that were received.
I got lost with the available tools: Ethereal, tshark, tcpdump.
I want a simple tool that will not dump the complete packet, only by pattern (in my case only IP, but in some cases I will also need the payload).
Which one from the above (or another) does the job?
If you have some patience, I will be thankful for a reference about the differences between them; I didn't find a good one.
I am running on Ubuntu.
The tool, the filter and the pattern all need to be from the command line.
The pattern can be, e.g., ip.src, ip.payload.
Thank you
The following tcpdump command will save to a file all the packets which have the SYN flag set and are sent to the IP address stored in the environment variable MYIP:
MYIP=172.16.1.2
sudo tcpdump -w /tmp/syn_packets "tcp[tcpflags] & tcp-syn != 0 and dst $MYIP"
A list of unique hosts/ports from the dump can be produced with the following command:
tcpdump -nr /tmp/syn_packets |cut -d " " -f 3 |uniq
Packet counts per host/port can be listed with the following command:
tcpdump -nr /tmp/syn_packets |cut -d " " -f 3 |uniq -c
The packet contents will be stored in the /tmp file. You can see a hex dump of the packet data with the -x option:
tcpdump -xr /tmp/syn_packets
You can dump the contents of packets from specific IPs with the following command:
REMOTEIP=6.6.6.6
tcpdump -xr /tmp/syn_packets "src $REMOTEIP"
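The answer above produces a pcap file and then derives host/port statistics from tcpdump's text output. Below is an added example, not code from the original posts, that computes the same statistics directly from a pcap file (for instance one written by tcpdump -w with the SYN filter above, or by the timed tcpdump -G 300 -W 1 -w capture from the first question). It parses the libpcap file format and Ethernet/IPv4/TCP headers with only the standard library and counts inbound connection attempts per source host and port. The sample capture is constructed inline (addresses from the documentation ranges) so the script runs offline; a real file can be read with open(path, "rb").read() instead. Two details the shell pipeline glosses over are handled explicitly: the BPF expression tcp-syn != 0 also matches SYN-ACK replies, so the count below excludes packets with ACK set, and aggregation here is order-independent, whereas uniq alone only collapses adjacent lines.

```python
import socket
import struct
from collections import Counter

TCP_SYN = 0x02
TCP_ACK = 0x10


def _ipv4_tcp_frame(src_ip, dst_ip, sport, dport, flags):
    """Build Ethernet + IPv4 + TCP frame bytes (checksums zeroed; the parser ignores them)."""
    eth = b"\x00" * 12 + struct.pack("!H", 0x0800)          # MACs zeroed, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def build_pcap(frames):
    """Serialize frames as a little-endian libpcap file, link type 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


# Constructed sample capture: two SYNs (one retransmit) to port 22, the SYN-ACK reply,
# one SYN to port 443, a bare ACK, and a SYN to a different destination host.
SAMPLE_PCAP = build_pcap([
    _ipv4_tcp_frame("198.51.100.7", "192.0.2.10", 40001, 22, TCP_SYN),
    _ipv4_tcp_frame("198.51.100.7", "192.0.2.10", 40001, 22, TCP_SYN),
    _ipv4_tcp_frame("192.0.2.10", "198.51.100.7", 22, 40001, TCP_SYN | TCP_ACK),
    _ipv4_tcp_frame("203.0.113.5", "192.0.2.10", 51000, 443, TCP_SYN),
    _ipv4_tcp_frame("203.0.113.5", "192.0.2.10", 51001, 443, TCP_ACK),
    _ipv4_tcp_frame("203.0.113.5", "192.0.2.99", 51002, 443, TCP_SYN),
])


def iter_packets(pcap_bytes):
    """Yield (timestamp_seconds, frame_bytes) for each record of a libpcap file."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):        # microsecond / nanosecond variants
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):
        endian = ">"
    else:
        raise ValueError("not a pcap file (unrecognized magic number)")
    linktype = struct.unpack(endian + "I", pcap_bytes[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (DLT_EN10MB) captures are handled here")
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, _ts_frac, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        off += 16
        yield ts_sec, pcap_bytes[off:off + incl_len]
        off += incl_len


def tcp_fields(frame):
    """Return (src_ip, dst_ip, sport, dport, flags) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                             # IP protocol field: 6 = TCP
        return None
    ip_hdr = frame[14:14 + ihl]
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    return (socket.inet_ntoa(ip_hdr[12:16]), socket.inet_ntoa(ip_hdr[16:20]),
            sport, dport, tcp[13])


def syn_stats(pcap_bytes, my_ip):
    """Count connection attempts (SYN set, ACK clear) toward my_ip, keyed by (src, sport, dport)."""
    counts = Counter()
    for _ts, frame in iter_packets(pcap_bytes):
        fields = tcp_fields(frame)
        if fields is None:
            continue
        src, dst, sport, dport, flags = fields
        if dst == my_ip and flags & TCP_SYN and not flags & TCP_ACK:
            counts[(src, sport, dport)] += 1
    return counts


def per_source(counts):
    """Collapse (src, sport, dport) counts to a per-source-host total."""
    totals = Counter()
    for (src, _sport, _dport), n in counts.items():
        totals[src] += n
    return totals


if __name__ == "__main__":
    stats = syn_stats(SAMPLE_PCAP, "192.0.2.10")
    for (src, sport, dport), n in sorted(stats.items()):
        print(f"{n:4d}  {src}:{sport} -> :{dport}")
    print("per source:", dict(per_source(stats)))
```

To run it against a real capture, replace SAMPLE_PCAP with the bytes of the file written by tcpdump -w and pass the capturing host's address as my_ip; a source host with a high SYN count and no corresponding established connections is the pattern a SYN-flood or port-scan detection would flag.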