hmmm... my Arch Linux notebook doesn't get a public IPv6 via... tcpdump doesn't show anything indicating I get a Router Advertisement. My smartphone in the same AP has one, though... *confused looks* edit: or rather, it accepts only one prefix.
Origin
woof.tech
November 10, 2025 at 7:55 PM
hmmm... my Arch Linux notebook doesn't get a public IPv6 via... tcpdump doesn't show anything indicating I get a Router Advertisement. My smartphone in the same AP has one, though... *confused looks*
Origin
woof.tech
November 10, 2025 at 7:46 PM
Networking Mini Labs
Learn OSI & TCP/IP basics
Setup virtual network → VLANs, firewall
Capture packets → Wireshark / tcpdump
Analyze traffic → protocols, flags
Simulate attacks → recon & brute force
Document → report suspicious events
Certs → CCNA, Network+
Learn → Build → Capture → Report.
November 10, 2025 at 11:23 AM
I went to run a tcpdump to dig into this and it just started working. Not gonna argue. I have to do some fiddling with some of the filters and my hsflowd startup config but it's working great!
November 10, 2025 at 6:51 AM
Damn android. All I need is one named pipe. I know you've heard your grandfather speak of them. I need to connect tcpdump or tshark under termux to the pcap output of this rethink dns thingy. But you've strayed so far from your family roots. You've become something I don't recognize anymore 🤣
November 9, 2025 at 3:29 PM
Advanced Programming in the Unix Environment
Week 9: socket(PF_INET6, SOCK_STREAM, 0)
In this video, we demonstrate sockets using TCP to establish a sequenced, reliable, two-way byte stream over an #IPv6 network. Our good friend tcpdump(8) helps us inspect the packets on the wire to observe […]
Original post on mstdn.social
mstdn.social
November 7, 2025 at 4:09 PM
I have 2 VPSes at Timeweb. Very happy with them (knock on wood)! Tech support is sensible, and there have been zero problems in two years.
Run tcpdump and you'll find the culprit instantly :)
November 7, 2025 at 11:29 AM
Water utilities hire network telemetry monitors $55K–$85K. ICS configs, remote pumps, security gateways.
IR drill: PCAP flood → detect DoS attempt w/ tcpdump counters + firewall drop rule.
November 6, 2025 at 10:17 PM
[Long post]
As a bonus though, I got to learn about "nmap --script broadcast-dhcp-discover" and "tcpdump -i eth0 -s 0 port bootpc" commands, which proved really useful in seeing what was going on.
November 6, 2025 at 11:20 AM
taught a quasar how to use tcpdump
November 5, 2025 at 6:40 AM
still troubleshooting this, still no idea
tcpdump on bad traffic shows everything normal then suddenly retransmits from desktop to server then nothing
mystery time. pc can ssh local server, but session eventually freezes. pc can ping server fast, no dropped packets. cifs mounts on pc from server freeze. scp from pc to server crawls and stalls. downloading file from server to pc over http works normally. other pcs can ssh/cifs/scp server fine. wat?
November 2, 2025 at 9:40 PM
yeah it's fucking bizarre scp, ssh, samba all break in but long http download works fine? issues occur ONLY between my home server and desktop
all works fine between server and laptop
have tried multiple network adapters, wireless and wired
tcpdump on bad traffic shows normal then re-tx then nada
November 2, 2025 at 9:37 PM
Tcpdump lets you capture and filter network traffic on Linux and macOS 🖥️
The article details its usage, its filters, and the analysis of captures with Wireshark.
https://bit.ly/47y4NR5
Networking: how to use tcpdump to capture and analyze traffic | LeMagIT
Network administrators use tcpdump to analyze traffic on Linux systems. Learn how to install and use tcpdump, and how to examine the captured traffic output.
www.lemagit.fr
October 31, 2025 at 10:46 AM
Tcpdump lets you capture and filter network traffic on Linux and macOS 🖥️. The article details its usage, its filters, and the analysis of captures with Wiresh
👉 [read]
October 30, 2025 at 6:25 AM
You're not just guessing, you're literally investigating
But where can you start? well
- Study networking basics: HTTP, DNS, TCP/IP protocols
- Learn tools like Wireshark and tcpdump for packet analysis
- Practice with traffic logs and capture files in home labs
October 29, 2025 at 3:14 PM
The world of networking on Linux offers powerful and flexible tools, but few are on the level of tcpdump, a command-line utility capable of capturing and analyzing network packets in real time. #Networking #Linux
How to analyze network traffic with tcpdump
www.linuxeasy.org
October 28, 2025 at 11:33 AM
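This address did hold out for more than thirty hours, though.
According to a post I read, what is probably happening is that my device sends the handshake request (148k), the server receives it and replies with its handshake (92k), but the device never receives it, so it stays stuck in a loop of requesting handshakes (148k, 296k, 444k…). That is why my device only shows sent data from the handshakes and 0 received, while the server shows trace amounts of both sent and received data.
But it is still probably the server that has a problem, because all three of my devices suddenly could not connect.
And also, whoever likes reading tcpdump can go read it! It is downright inhuman (obediently goes to read it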
October 28, 2025 at 4:26 AM
Mastering Network Analysis with tcpdump: A Quick Guide In the world of network administration and cybersecurity, tcpdump stands as a premier command-line utility for capturing and analyzing network...
#Linux
Tcpdump is a powerful command-line utility for analyzing network traffic. It allows you to capture and inspect the data packets being transmitted or received by your system.
For network administrators and security professionals, tcpdump is an indispensable tool for troubleshooting network issues, identifying security threats, and ensuring optimal network performance.
Table of Contents
* Getting Started with tcpdump
* Capturing Your First Packets
* Filtering Traffic for Precise Analysis
* Combining Filters for Advanced Analysis
* Saving and Reading Captures
### Getting Started with tcpdump
Before diving in, it’s essential to have tcpdump installed. Most Linux distributions come with it pre-installed. You can verify this by opening a terminal and typing `tcpdump`. If it’s not installed, you can easily add it using your distribution’s package manager.
**Basic Syntax:**
The fundamental structure of a tcpdump command is straightforward: `tcpdump [options] [expression]`
* **options:** These are flags that modify the behavior of tcpdump, such as specifying a network interface or controlling the output format.
* **expression:** This is a filter that defines the specific traffic you want to capture, based on criteria like IP addresses, ports, or protocols.
### Capturing Your First Packets
To begin capturing network traffic, you can simply run `tcpdump` with `sudo` privileges: `sudo tcpdump`
This command will start capturing packets on the default network interface and display the output in your terminal. To stop the capture, press `Ctrl+C`. The output might seem overwhelming at first, so let’s explore how to refine our captures.
**Key Options to Know:**
* `-i <interface>`: Specifies the network interface to capture packets from (e.g., `eth0`, `wlan0`). Use `-i any` to capture from all active interfaces.
* `-D`: Lists all available network interfaces on your system.
* `-c <count>`: Exits after capturing a specific number of packets.
* `-n`: Disables the conversion of IP addresses to hostnames, which can speed up the capture process.
* `-w <filename.pcap>`: Writes the captured packets to a file in `.pcap` format for later analysis with tools like Wireshark.
* `-r <filename.pcap>`: Reads and analyzes packets from a previously saved `.pcap` file.
### Filtering Traffic for Precise Analysis
The real power of tcpdump lies in its filtering capabilities. By applying filters, you can isolate the specific traffic you’re interested in, making analysis much more manageable.
**Filtering by Host:**
You can capture traffic to or from a specific IP address or hostname: `sudo tcpdump host 192.168.1.1`
To be more specific, you can use `src` or `dst` to filter by source or destination: `sudo tcpdump src 192.168.1.1` or `sudo tcpdump dst 192.168.1.1`
**Filtering by Port:**
To monitor traffic on a particular port, use the `port` filter. This is especially useful for troubleshooting services like HTTP (port 80) or HTTPS (port 443): `sudo tcpdump port 80`
You can also specify source or destination ports: `sudo tcpdump src port 80` or `sudo tcpdump dst port 443`
**Filtering by Protocol:**
You can filter for specific protocols such as TCP, UDP, or ICMP: `sudo tcpdump icmp`
### Combining Filters for Advanced Analysis
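Tcpdump allows you to combine filters using logical operators like `and` (`&&`), `or` (`||`), and `not` (`!`) to create more complex and specific capture criteria. When you use the symbolic forms or parentheses, put the expression in single quotes so the shell does not interpret them.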
**Example of a Combined Filter:**
To capture TCP traffic to or from host 192.168.1.100 on port 443: `sudo tcpdump tcp and host 192.168.1.100 and port 443`
To capture all traffic except for SSH (port 22): `sudo tcpdump not port 22`
### Saving and Reading Captures
For in-depth analysis, it’s often best to save your captured packets to a file. The `-w` option allows you to do this: `sudo tcpdump -i eth0 -w capture.pcap`
This creates a file named `capture.pcap` containing the captured data. You can then analyze this file with tcpdump itself or with a graphical tool like Wireshark.
To read the contents of a saved capture file, use the `-r` option: `tcpdump -r capture.pcap`
By mastering these fundamental commands and options, you can effectively leverage tcpdump to gain valuable insights into your network’s behavior. This powerful tool is an essential addition to any network administrator’s or security professional’s toolkit.
www.howtouselinux.com
October 24, 2025 at 6:31 AM
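What the guide's combined filter `tcp and host 192.168.1.100 and port 443` selects from a saved capture, and how `src`/`dst` narrow it, shown as an added Python example that is not part of the article: it builds a small constructed classic-pcap byte string, parses it, and applies the same host/port logic. All function names and every address other than 192.168.1.100 are assumptions made for illustration; pcapng files and non-Ethernet link types are out of scope.

```python
import socket
import struct

ETH_HDR = 14  # Ethernet II header length

def build_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame carrying a bare TCP (6) or UDP (17) header."""
    eth = bytes(12) + b"\x08\x00"                        # zeroed MACs, EtherType IPv4
    l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4

def build_pcap(frames):
    """Lay frames out as a little-endian classic pcap file (24-byte global header)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def read_pcap(data):
    """Yield (src, dst, proto, sport, dport) for each IPv4 TCP/UDP packet."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic microsecond pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != 1:  # e.g. `-i any` on Linux records a cooked header, not Ethernet
        raise ValueError("only Ethernet captures are handled here")
    pos = 24
    while pos + 16 <= len(data):
        incl_len, = struct.unpack_from(endian + "I", data, pos + 8)
        frame = data[pos + 16: pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(frame) < ETH_HDR + 20 or frame[12:14] != b"\x08\x00":
            continue                                     # truncated or not IPv4
        ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
        frag_offset = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        l4 = ETH_HDR + ihl
        if proto not in (6, 17) or frag_offset or len(frame) < l4 + 4:
            continue                                     # no port fields to read
        sport, dport = struct.unpack_from("!HH", frame, l4)
        yield (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]),
               proto, sport, dport)

def select(data, host, port, direction="any"):
    """Packets matching `tcp and [src|dst] host HOST and port PORT`."""
    hits = []
    for src, dst, proto, sport, dport in read_pcap(data):
        if proto != 6 or port not in (sport, dport):
            continue
        ends = {"src": (src,), "dst": (dst,), "any": (src, dst)}[direction]
        if host in ends:
            hits.append((src, sport, dst, dport))
    return hits

# Constructed sample traffic; every address except 192.168.1.100 is made up.
SAMPLE = build_pcap([
    build_frame("192.168.1.100", "203.0.113.10", 6, 51000, 443),   # client -> server
    build_frame("203.0.113.10", "192.168.1.100", 6, 443, 51000),   # server reply
    build_frame("192.168.1.100", "203.0.113.10", 6, 51001, 80),    # wrong port
    build_frame("192.168.1.100", "203.0.113.10", 17, 40000, 443),  # UDP, not TCP
    build_frame("192.168.1.50", "203.0.113.10", 6, 52000, 443),    # other host
])

if __name__ == "__main__":
    for direction in ("any", "src", "dst"):
        print(direction, select(SAMPLE, "192.168.1.100", 443, direction))
```

Plain `host` keeps both directions of the connection, while `src host` keeps only the packets the client sent, which matters when a capture is used to decide which side started or stopped talking.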
Mastering Network Analysis with tcpdump: A Quick Guide Tcpdump is a powerful command-line utility for analyzing network traffic. It allows you to capture and inspect the data packets being transmit...
www.howtouselinux.com
October 24, 2025 at 3:47 AM
okay i'm just running tcpdump on my server until the network fails
i will end up with a 3gb pcap file and i am willing to deal with that
October 23, 2025 at 8:03 PM
okay i'm just running tcpdump on my server until the network fails
i will end up with a 3gb pcap file and i am willing to deal with that
October 23, 2025 at 7:55 PM
@Sempf @mttaggart
Use testssl.sh or the qualys ssl scanner to see if the cipher list matches, or use tcpdump to compare the client ciphers to the server ciphers.
October 23, 2025 at 7:19 PM
tcpdump (Linux/macOS): Run sudo tcpdump -i eth0 arp (replace eth0 with your interface) to capture ARP traffic.
October 23, 2025 at 2:09 AM