
Thread: How to decipher tcpdump file

  1. #1
    vtntl
    Guest

    How to decipher tcpdump file

    Hi,

    I am stuck with a tricky situation in which one of my applications is flooding the network with UDP messages. The architecture of the application is not supposed to do so. Neither is there any place where the application will go into an infinite loop sending UDP messages over the network. To find out what message is being sent out, I captured the output of tcpdump to get the contents of the UDP packets sent by the application over the network. Following is a portion of the tcpdump output:

    13:37:33.568065 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0512 4000 fe99 01d4 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000
    13:37:33.568091 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0513 4000 fe99 01d3 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000
    13:37:33.568116 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0514 4000 fe99 01d2 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000

    Can anyone help me in deciphering the contents of the packets? This will help me in finding out in the code where these messages are being sent out. Do keep in mind that I am pretty new to tcpdump.

    Regards,
    Diganta

  2. #2
    trong_dat1402
    Guest

    A reference on IPv4 headers would greatly help you decipher the packet information:
    Code:

    An IPv4 header

    <-------------------------------- 32 bits ----------------------------->
    |--------|--------|-----------------|----------------------------------|
    | Version|  IHL   | Type of Service |          Total Length            |
    |--------|--------|-----------------|----------------------------------|
    |          Identification           |Flags |   Fragment Offset         |
    |-----------------------------------|------|---------------------------|
    |  Time to Live   |    Protocol     |          Header Checksum         |
    |-----------------|-----------------|----------------------------------|
    |                           Source Address                             |
    |----------------------------------------------------------------------|
    |                         Destination Address                          |
    |----------------------------------------------------------------------|
    |                          Options                          | Padding  |
    |----------------------------------------------------------------------|
    |                               Payload                                |
    |----------------------------------------------------------------------|

    Reference: An IPv4 header
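Worked example, added here as an illustration of the layout above; it is not code from any of the posts or from the linked reference. The Python 3 decoder takes the hex words tcpdump printed in post #1, maps them onto the IPv4 header fields with `struct`, verifies the header checksum, and, when the protocol field says UDP or the caller asks for it, decodes the 8-byte UDP header and verifies its checksum over the IPv4 pseudo-header. The only input is the first packet from post #1, embedded as a string. Running it shows why tcpdump labelled the packets ip-proto-153 rather than udp: byte 9 of the header is 0x99 (153), not 0x11 (17). It also reports that the header checksum 0x01d4 does not verify with protocol 153 but would with 17, and that the 13-byte payload decodes as a UDP header (port 9543 to 9543, length 13) whose own checksum does verify. The function names, the `protocol_that_verifies` diagnostic and the dictionary layout are this example's own choices.

```python
"""Decode an IPv4 header (and the UDP header inside it) from tcpdump -x hex output.

Added example for this thread, not code from the original posts; standard library only.
"""
import socket
import struct

# The first packet quoted in post #1: 20-byte IPv4 header, 13-byte payload, then the
# zero padding tcpdump printed past the IP total length.
SAMPLE_DUMP = """
4500 0021 0512 4000 fe99 01d4 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
"""

# Protocols tcpdump names in its summary line; anything else prints as ip-proto-N.
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}


def hexdump_to_bytes(text):
    """Join the whitespace-separated hex words of a tcpdump -x dump into raw bytes."""
    return bytes.fromhex("".join(text.split()))


def ones_complement_sum(data):
    """RFC 1071 arithmetic: 16-bit one's complement sum with end-around carry."""
    if len(data) % 2:
        data += b"\x00"  # an odd trailing byte is padded with zero for the sum
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum_verifies(data):
    """A block that already contains its checksum field sums to 0xFFFF when intact."""
    return ones_complement_sum(data) == 0xFFFF


def parse_ipv4(pkt):
    """Decode the fixed part of an IPv4 header; raises ValueError when malformed."""
    if len(pkt) < 20:
        raise ValueError("fewer than 20 bytes, not an IPv4 header")
    (vihl, tos, total_len, ident, frag, ttl,
     proto, csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = vihl >> 4, (vihl & 0xF) * 4  # IHL counts 32-bit words
    if version != 4 or ihl < 20 or ihl > len(pkt) or total_len < ihl:
        raise ValueError("malformed IPv4 header (version/IHL/length)")
    flags = frag >> 13  # reserved, DF, MF
    return {
        "version": version, "header_len": ihl, "tos": tos, "total_len": total_len,
        "id": ident, "df": bool(flags & 0b010), "mf": bool(flags & 0b001),
        "frag_offset": (frag & 0x1FFF) * 8,
        "ttl": ttl, "protocol": proto,
        "protocol_name": PROTOCOLS.get(proto, "ip-proto-%d" % proto),
        "header_checksum": csum, "checksum_ok": checksum_verifies(pkt[:ihl]),
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        # Bytes beyond total_len are link-layer padding in the dump, not payload.
        "payload": pkt[ihl:total_len],
    }


def parse_udp(payload, src, dst):
    """Decode an 8-byte UDP header and verify its checksum over the IPv4 pseudo-header."""
    if len(payload) < 8:
        raise ValueError("payload shorter than a UDP header")
    sport, dport, length, csum = struct.unpack("!HHHH", payload[:8])
    if length < 8 or length > len(payload):
        raise ValueError("UDP length field inconsistent with the payload")
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)
    return {
        "src_port": sport, "dst_port": dport, "length": length, "checksum": csum,
        # Over IPv4 a zero UDP checksum means "not computed", reported here as None.
        "checksum_ok": None if csum == 0 else checksum_verifies(pseudo + payload[:length]),
        "data": payload[8:length],
    }


def protocol_that_verifies(pkt):
    """Diagnostic: which value of the protocol byte would make the header checksum pass?"""
    ihl = (pkt[0] & 0xF) * 4
    for candidate in range(256):
        if checksum_verifies(pkt[:9] + bytes([candidate]) + pkt[10:ihl]):
            return candidate
    return None


def decode(dump_text, assume_udp=False):
    """Decode one dumped packet; the UDP layer is parsed when IP says so or when forced."""
    pkt = hexdump_to_bytes(dump_text)
    ip = parse_ipv4(pkt)
    result = {"ip": ip}
    if ip["protocol"] == 17 or assume_udp:
        result["udp"] = parse_udp(ip["payload"], ip["src"], ip["dst"])
    if not ip["checksum_ok"]:
        result["protocol_that_verifies"] = protocol_that_verifies(pkt)
    return result


if __name__ == "__main__":
    for layer, fields in decode(SAMPLE_DUMP, assume_udp=True).items():
        print(layer, fields)
```

The two checksum results are the only facts the decoder can establish from these bytes; what caused byte 9 to read 0x99 is not something the dump alone answers. To decode the other two packets, paste their three hex lines into `decode()` in the same way; only the identification and header checksum fields differ.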

  4. #4
    duong nhat than
    Guest

    Following is a very good link to understand tcpdump for beginners.

    http://www.aei.ca/~pmatulis/pub/tcpdump.html
