Monitoring multiple ports in tcpdump - networking

I am trying to find a way to read multiple ports using tcpdump. Suppose I have two ports, p1 and p2, and I want to read the traffic moving through both ports simultaneously. Is there any way to do it using tcpdump, or will I have to use some other tool?
Basically I am running a proxy server which is running on some port. I want to read the traffic moving through this port as well as traffic moving through port 80 (HTTP).

tcpdump port 80 or port 3128
or, alternatively,
tcpdump port '(80 or 443)'

If you want to filter ports based on a range, use portrange.
E.g.:
tcpdump -an portrange 1-25

You can also select an interface (change -i any to -i en0 for example) and the communication protocol:
tcpdump -i any 'udp port 1812 or tcp port 1813'

Related

Iperf3 uses TCP and UDP to work. I can only use UDP. How to tunnel the TCP connection alongside UDP so it works without setting a real TCP connection?

Iperf3 uses two channels to communicate, one via TCP and the other via UDP.
When it's going to communicate with another host, it uses the same port for both channels.
For example: if I tell it to connect to port 3000 on the host, the TCP channel will connect to the host's port 3000 and the UDP channel too.
I need to encapsulate the TCP communication into UDP datagrams, send it over UDP to the host on port 3000 and then de-encapsulate the TCP and demultiplex it so it gets delivered correctly at port 3000.
To achieve this, I'm using socat to create a TCP-UDP tunnel like this (this tunnel is working!):
On the sender end:
socat -d tcp-listen:2000,reuseaddr,fork udp:54.226.25.18:3000
On the receiving end:
socat -d udp-listen:3000,reuseaddr,fork tcp:localhost:1080
OK, now why am I converting TCP to UDP and then from UDP to TCP again? I'm doing that because I was trying to use socks4, and it works only with TCP. I was using it to encapsulate the TCP and UDP traffic into TCP, then I convert this TCP stream into UDP and send it over to the host with socat, like this:
On the sender end (tunnel+socks):
socat tcp-listen:2000 socks4a:localhost:54.226.25.18:3000 & socat tcp-listen:1080,reuseaddr,fork udp:54.226.25.18:3000 & nc localhost 2000
On the receiving end (tunnel):
socat udp-listen:3000,reuseaddr,fork tcp:localhost:1080 & nc -l 1080
This solution kinda works; this is what the receiving end receives:
�senderPcName54.226.25.18
But it only receives something the first time, when I send more data with netcat, nothing shows up on the receiving end.
Maybe this is happening because the way I'm doing it there's nothing on the other side to open what is encapsulated into TCP and demultiplex it. This is my hunch; I might be wrong.
I tried to think of a solution using socks5 but I don't know how to send things through it (didn't find materials on how to do it) like I do with socks4 in this line:
socat tcp-listen:2000 socks4a:localhost:54.226.25.18:3000
I tried without success to install socat with socks5 support because it lacks files.
You can read about Iperf3's relevant behavior here:
https://github.com/esnet/iperf/issues/1019
Obs: I NEED to tunnel over UDP. And I can only use ONE UDP port.
Any pointers on how to solve this with socks or with something new altogether are greatly appreciated.
Summary of my problem: Iperf3 uses TCP and UDP to work. I can only use UDP. How to tunnel the TCP connection alongside UDP so it works without setting a real TCP connection?
You will need some kind of multiplexer solution to drive both UDP and TCP through the UDP channel.
When you have root privilege on both computers, you can establish a Socat tunnel:
On the sending side:
sudo socat -d -d -d -d TUN:192.168.255.1/24,up UDP:54.226.25.18:2000,bind=:2000
On the receiving side:
sudo socat -d -d -d -d TUN:192.168.255.2/24,up UDP-LISTEN:2000
You should now be able to ping 192.168.255.2 from sender and 192.168.255.1 from receiver.
For testing UDP, enter on the receiver:
socat UDP-LISTEN:3000 -
On the sender:
socat - UDP:192.168.255.2:3000
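As an added illustration of the "multiplexer" the answer refers to (this is not socat's code nor the asker's), the following tags each payload so TCP stream chunks and whole UDP datagrams can share one UDP port and be told apart again at the far end; the frame layout, constants and function names are my own construction, not a standard.

```python
import struct

# Frame layout (constructed for this example, not a standard):
#   1 byte kind, 2 bytes stream id, 2 bytes payload length, then the payload.
# Several frames may be packed into one UDP datagram sent to the single port.
KIND_TCP = 1  # a chunk of a TCP stream; the stream id tells connections apart
KIND_UDP = 2  # one complete UDP datagram
HEADER = struct.Struct("!BHH")

def encapsulate(kind, stream_id, payload):
    """Build one frame, ready to be appended to an outgoing UDP datagram."""
    if kind not in (KIND_TCP, KIND_UDP):
        raise ValueError("unknown kind")
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for the 16-bit length field")
    return HEADER.pack(kind, stream_id, len(payload)) + payload

def demultiplex(datagram):
    """Split a received datagram into (kind, stream_id, payload) tuples.

    Returns (frames, leftover): leftover holds trailing bytes that did not form
    a complete frame (e.g. a truncated datagram), so the caller can see the
    loss instead of the data silently vanishing as in the asker's experiment."""
    frames, offset = [], 0
    while offset + HEADER.size <= len(datagram):
        kind, sid, length = HEADER.unpack_from(datagram, offset)
        if kind not in (KIND_TCP, KIND_UDP):
            break  # stop at garbage rather than mis-attributing bytes
        start = offset + HEADER.size
        if start + length > len(datagram):
            break  # header promises more bytes than the datagram holds
        frames.append((kind, sid, datagram[start:start + length]))
        offset = start + length
    return frames, datagram[offset:]

def deliver(frames):
    """Route TCP chunks to per-stream buffers and collect UDP datagrams."""
    tcp_streams, udp_datagrams = {}, []
    for kind, sid, payload in frames:
        if kind == KIND_TCP:
            tcp_streams.setdefault(sid, bytearray()).extend(payload)
        else:
            udp_datagrams.append(payload)
    return tcp_streams, udp_datagrams
```

A real relay would also need sequence numbers and retransmission for the TCP side, since UDP may drop or reorder datagrams.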

Copying UDP traffic from a bound port

I have two applications that both bind to the same port to receive UDP traffic. I am able to change the listen port of one of the programs but not the other. I need both to be able to see the traffic.
I have tried using socat for this but have been unable to figure out how to get it to send a copy of the traffic to a different port without interfering with the program bound to the original port.
A few tricks come to mind, but when you are not able to change both receiving ports or the target port of the sender, you will need to use iptables to modify the port of the incoming packets. On that port, Socat with sniffing (option -r) to a pipe and another Socat instance could solve your problem.

can we use netcat to communicate between 2 computers in the same network

I would like to communicate between two machines on the same network by using netcat. Basically I need to send some UDP frames from one machine to another on the same network.
I looked through netcat literature and found it is possible to send UDP frames, so first I tried between two Linux consoles on the same machine.
Next, I tried between two machines on the same network, but this did not work.
Can someone please explain how this can be done, or if there is some alternate method that can be used?
Thanks in advance!!
Make sure your firewalls allow UDP throughput.
iptables -A INPUT -p udp -m udp --dport 1:65535 -j ACCEPT

How can I control the source port of a TCP packet?

To test my implementation of a NAT, I want to send TCP packets from one internal host to two different external hosts, and make sure that the source port for both streams of packets that leave the NAT have the same source port. How can I control the source port? wget uses different source ports for separate TCP connections.
Maybe you want to try netcat with the -p option, if you don't want to write code yourself. Example:
$ nc -p 31337 www.google.com 80
Here is the explanation for the "-p" option from the man page:
Specifies the source port nc should use, subject to privilege restrictions and availability. It is an error to use this option in conjunction with the -l option.
Note though that using any port under 1024 requires root permission.
Bind the socket to a specific local port before you connect it.
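An added example (not the answers' or nc's code) of that bind-before-connect step, extended to the asker's NAT scenario: two TCP connections to two different destinations leaving with the same source port. It assumes Linux SO_REUSEADDR semantics and uses two loopback listeners constructed for the demo as the "external hosts".

```python
import socket

def _listener():
    """A throwaway loopback TCP listener standing in for an external host."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # port 0: let the kernel pick a free port
    srv.listen(1)
    return srv

def _connect_from(src_port, dst):
    """Connect to dst using src_port as the local port (0 = any), like nc -p."""
    c = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    # Both client sockets set SO_REUSEADDR so the second bind() to the same
    # local port is allowed; the kernel still requires distinct 4-tuples,
    # which holds here because the destinations differ (Linux behaviour).
    c.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    c.bind(("127.0.0.1", src_port))  # bind BEFORE connect, as the answer says
    c.connect(dst)
    return c

def demo_same_source_port():
    """Returns (chosen source port, port seen by listener A, port seen by B)."""
    a, b = _listener(), _listener()
    try:
        c1 = _connect_from(0, a.getsockname())
        src_port = c1.getsockname()[1]  # port the kernel assigned to c1
        c2 = _connect_from(src_port, b.getsockname())  # reuse it towards B
        conn_a, peer_a = a.accept()
        conn_b, peer_b = b.accept()
        for s in (c1, c2, conn_a, conn_b):
            s.close()
        return src_port, peer_a[1], peer_b[1]
    finally:
        a.close()
        b.close()

if __name__ == "__main__":
    print(demo_same_source_port())
```

Both listeners report the same peer port, which is what a NAT test harness needs to observe on its outside interface.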

How can I use TCPDump on Unix to view messages sent to a specific multicast address?

I'm trying to view traffic transmitted to a specific multicast address on a network in order to analyze a protocol we're using.
I don't have Wireshark available on the setup (unfortunately). TCPDump is available though. So, can anyone show me a command to have TCPDump filter to only view messages transmitted to a specific multicast group address?
I believe this should be enough for a specific group:
tcpdump -i eth0 -s0 -vv host 239.255.255.250
All multicast traffic:
tcpdump -i eth0 -s0 -vv net 224.0.0.0/4