User Tools

Site Tools

Trace: php-fpm netstat tcpdump
tcpdump

This is an old revision of the document!

TCP dump is used to create DUMPs of network traffic. This information can then be used to troubleshoot a range of problems you may be having, eg, application issues, networking issues etc.
Note: If you write the output of a tcp dump to a file, you can then import this file into wire shark to interpret this better (make life easier)

Flag Description
-A Print each packet (minus its link level header) in ASCII. Handy for capturing web pages
-n Don't convert host addresses to names. This can be used to avoid DNS lookups.
-nn Don't convert protocol and port numbers etc. to names either.
-w Write the raw packets to file rather than parsing and printing them out
-i Interface
src Only capture information from a source (eg, src host x.x.x.x )
dst Only capture traffic to destination address (a server could have multiple IPs, so you can specify)
-t NO time stamp - might be easier to read
-vvv Even more verbose output. For example, telnet SB … SE options are printed in full. With -X Telnet options are printed in hex as well.



Examples

Description: Clean - NO time stamps and NO packet output 

# time tcpdump -t -nn -i eth0 port 443

IP x.x.x.190.26753 > x.x.x.129.443: Flags [S], seq 90450879, win 29200, options [mss 1380,sackOK,TS val 176708915 ecr 0,nop,wscale 7], length 0
IP x.x.x.x.443 > x.x.x.190.26753: Flags [S.], seq 1451406549, ack 90450880, win 28960, options [mss 1460,sackOK,TS val 180471895 ecr 176708915,nop,wscale 7], length 0
IP x.x.x190.26753 > x.x.x.129.443: Flags [.], ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 0
IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517
Description: Capture packets and it has time stamps 
# time tcpdump -nn -i eth0 dst port 443 -A


x:x.x:29.334109 IP x.x.x.129.50684 > x.x.x.11.443: Flags [.], ack 305494749, win 772, options [nop,nop,TS val 180530251 ecr 1978706385], length 0
E..4..@[email protected]^......<.JW.5z............

..Ku...


Verbose

Non verbose 

listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
IP 82.94.168.11.443 > 195.154.211.129.50684: Flags [P.], seq 305495973:305496007, ack 1020938839, win 19, options [nop,nop,TS val 1978798886 ecr 180890262], length 34
IP 195.154.211.129.50684 > 82.94.168.11.443: Flags [.], ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0
-vvv 
IP (tos 0x0, ttl 54, id 18426, offset 0, flags [DF], proto TCP (6), length 86)
    82.94.168.11.443 > 195.154.211.129.50684: Flags [P.], cksum 0x6b90 (correct), seq 305495973:305496007, ack 1020938839, win 19, options [nop,nop,TS val 1978798886 ecr 180890262], length 34
IP (tos 0x0, ttl 64, id 56819, offset 0, flags [DF], proto TCP (6), length 52)
    195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0

tcpdump.1466174543.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki