
Thread: How to decipher tcpdump file

  1. #1
    vtntl
    Guest

    How to decipher tcpdump file

    Hi,



    I am stuck with a tricky situation in which one of my applications is flooding the network with UDP messages. The architecture of the application is not supposed to do so. Neither is there any place where the application will go into an infinite loop sending UDP messages over the network. To find out what message is being sent out, I captured the output of tcpdump to get the contents of the UDP packets sent by the application over the network. Following is a portion of the tcpdump output:



    13:37:33.568065 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0512 4000 fe99 01d4 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000

    13:37:33.568091 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0513 4000 fe99 01d3 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000

    13:37:33.568116 udm > activeip: ip-proto-153 13 (DF)
    4500 0021 0514 4000 fe99 01d2 2f87 2b01
    0a46 1118 2547 2547 000d 735b 7000 2e04
    2e00 0000 0000 0000 0000 0000 0000



    Can anyone help me in deciphering the contents of the packets? This will help me in finding out in the code where these messages are being sent out. Do keep in mind that I am pretty new to tcpdump.



    Regards,

    Diganta


  2. #2
    trong_dat1402
    Guest

    A reference on IPv4 headers would greatly help you decipher the packet information:




    Code:

    An IPv4 header (field widths in bits; IHL counts 32-bit words, Total Length counts bytes of header plus payload)

    <--------------------------------- 32 bits ---------------------------------->
    |----------------------------------------------------------------------------|
    | Version |   IHL   | Type of Service  |            Total Length             |
    |   (4)   |   (4)   |       (8)        |               (16)                  |
    |----------------------------------------------------------------------------|
    |         Identification (16)         | Flags (3) |   Fragment Offset (13)    |
    |----------------------------------------------------------------------------|
    | Time to Live (8) |   Protocol (8)   |         Header Checksum (16)         |
    |----------------------------------------------------------------------------|
    |                            Source Address (32)                             |
    |----------------------------------------------------------------------------|
    |                          Destination Address (32)                          |
    |----------------------------------------------------------------------------|
    |               Options (only if IHL > 5)                |      Padding      |
    |----------------------------------------------------------------------------|
    |                                  Payload                                   |
    |----------------------------------------------------------------------------|


    Reference:

    An IPv4 header
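    Added example (not part of the thread): a Python script that applies the header layout from post #2 to the three dumps pasted in post #1. The hex is copied verbatim from the post and embedded as constructed input; the field names and functions are the script's own. Reading the bytes by that layout gives Version 4, IHL 5 (20-byte header, no options), Total Length 0x0021 = 33, DF set, TTL 254, Protocol 0x99 = 153, source 47.135.43.1 and destination 10.70.17.24 (tcpdump printed the resolved names "udm" and "activeip"; run it with -n to see addresses). The "13" after ip-proto-153 is tcpdump's payload length: 33 minus 20. The hex shows 46 bytes, so the 13 zero bytes after the datagram are frame padding (46 bytes is the minimum Ethernet payload), not part of the message. Two checks the script also performs, and which the arithmetic on the posted bytes supports: the header checksum 0x01d4 does not verify over the header as printed, but does verify if the Protocol byte is 0x11 (UDP); and the 13-byte payload parses as a UDP header (port 9543 to port 9543, length 13) whose checksum 0x735b verifies against a UDP pseudo-header, leaving five data bytes 70 00 2e 04 2e. Where the Protocol byte changed between checksumming and capture is not something the dump alone can tell.

```python
import re
import socket
import struct

# Constructed input: the three packets from the original post, pasted as
# printed by "tcpdump -x" (summary line, then the frame bytes from the IP
# header onwards).
DUMP = """
13:37:33.568065 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0512 4000 fe99 01d4 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
13:37:33.568091 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0513 4000 fe99 01d3 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
13:37:33.568116 udm > activeip: ip-proto-153 13 (DF)
4500 0021 0514 4000 fe99 01d2 2f87 2b01
0a46 1118 2547 2547 000d 735b 7000 2e04
2e00 0000 0000 0000 0000 0000 0000
"""

# A line made only of 4-digit hex groups (last group may be 2 digits).
HEX_LINE = re.compile(r"^\s*(?:[0-9a-fA-F]{4}\s+)*[0-9a-fA-F]{2,4}\s*$")


def parse_hex_dump(text):
    """Split tcpdump -x style output into one bytes object per packet.

    Hex lines belong to the current packet; any other line (the summary
    line, a blank line) ends it."""
    packets, cur = [], []
    for line in text.splitlines():
        if HEX_LINE.match(line):
            cur.append("".join(line.split()))
        elif cur:
            packets.append(bytes.fromhex("".join(cur)))
            cur = []
    if cur:
        packets.append(bytes.fromhex("".join(cur)))
    return packets


def internet_checksum(data):
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_ipv4(pkt):
    """Decode the fixed 20-byte IPv4 header (layout as in the post above)."""
    (vihl, tos, total_len, ident, flags_frag,
     ttl, proto, hdr_csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4            # IHL is in 32-bit words
    hdr = bytearray(pkt[:ihl])
    hdr[10:12] = b"\x00\x00"           # checksum field counts as zero while summing
    return {
        "version": vihl >> 4, "ihl": ihl, "tos": tos,
        "total_length": total_len, "id": ident,
        "df": bool(flags_frag & 0x4000), "ttl": ttl, "protocol": proto,
        "checksum": hdr_csum,
        "checksum_ok": internet_checksum(bytes(hdr)) == hdr_csum,
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "payload": pkt[ihl:total_len],  # the datagram as Total Length defines it
        "trailer": pkt[total_len:],     # bytes beyond it are not IP (frame padding)
    }


def parse_udp(payload, src, dst):
    """Decode a UDP header and verify its checksum over the IPv4 pseudo-header."""
    sport, dport, length, csum = struct.unpack("!HHHH", payload[:8])
    pseudo = socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 17, length)
    seg = bytearray(payload[:length])
    seg[6:8] = b"\x00\x00"
    return {"sport": sport, "dport": dport, "length": length, "checksum": csum,
            "checksum_ok": csum != 0 and internet_checksum(pseudo + bytes(seg)) == csum,
            "data": bytes(payload[8:length])}


def analyze(pkt):
    """Decode one packet; also re-check the IP checksum as if Protocol were 17 (UDP)."""
    ip = parse_ipv4(pkt)
    alt = bytearray(pkt[:ip["ihl"]])
    alt[9] = 17                        # Protocol byte = UDP
    alt[10:12] = b"\x00\x00"
    ip["checksum_ok_if_udp"] = internet_checksum(bytes(alt)) == ip["checksum"]
    udp = parse_udp(ip["payload"], ip["src"], ip["dst"]) if len(ip["payload"]) >= 8 else None
    return ip, udp


if __name__ == "__main__":
    for pkt in parse_hex_dump(DUMP):
        ip, udp = analyze(pkt)
        print("%s -> %s proto=%d id=%d ttl=%d len=%d trailer=%d csum_ok=%s csum_ok_if_udp=%s"
              % (ip["src"], ip["dst"], ip["protocol"], ip["id"], ip["ttl"],
                 ip["total_length"], len(ip["trailer"]), ip["checksum_ok"],
                 ip["checksum_ok_if_udp"]))
        if udp:
            print("  as UDP: %d -> %d len=%d csum_ok=%s data=%s"
                  % (udp["sport"], udp["dport"], udp["length"],
                     udp["checksum_ok"], udp["data"].hex()))
```

    The two checksum checks are the useful part for a hunt like the one in post #1: a port pair and a five-byte payload that recur unchanged in every packet are what to grep the code for, and a header whose checksum only verifies for a different Protocol value tells you which byte to distrust before reading any further into the dump.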

  3. #3
    kent_jay
    Guest

    Excellent CMU lecture on IPv4

  4. #4
    duong nhat than
    Guest

    Following is a very good link to understand tcpdump for beginners.



    http://www.aei.ca/~pmatulis/pub/tcpdump.html
