Re: [ILUG-BOM] howto use tcpdump, was kget can resume downloads, other download managers can't
27 Jan
2009
27 Jan
'09
4:31 a.m.
Reply in-line :-
On Tue, Jan 27, 2009 at 02:30, steve <steve(a)lonetwin.net> wrote:
<snip>
If you really want to get to the bottom of this,
I'd suggest running tcpdump
(normally, i use the options tcpdump -s0 -w <output>.cap host
<youripaddress>)
and then reading the capture file using wireshark, both with kget and with wget.
<snip>
Hi Steve,
sorry for jumping on the thread. I am on kernel 2.6.27 and there is
a big possibility I haven't really understood your command.
You gave
tcpdump -s0 -w <output>.cap host <youripaddress>
I used :-
tcpdump -s0 -w output.cap host 59.95.28.28
(ouput.cap most probably is a file-name and the IP Address is the IP
Address being assigned by my provider)
but both for this I get
tcpdump: no suitable device found
Doing a cursory look at dmesg came across this .
[37479.042325] tcpdump uses obsolete (PF_INET,SOCK_PACKET)
My ifconfig.
$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:07:95:44:10:db
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:18 Base address:0xc800
eth1 Link encap:Ethernet HWaddr 00:08:a1:92:56:33
inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::208:a1ff:fe92:5633/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1990826 errors:0 dropped:0 overruns:0 frame:0
TX packets:2204997 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1271599953 (1.2 GB) TX bytes:537487624 (537.4 MB)
Interrupt:22 Base address:0xcc00
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:556 errors:0 dropped:0 overruns:0 frame:0
TX packets:556 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:50924 (50.9 KB) TX bytes:50924 (50.9 KB)
As can be seen the active connection here is eth1.
The connection is between ethernet card and router.
regards,
- steve
--
Regards,
Shirish Agarwal
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
27 Jan
27 Jan
5:06 a.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
On Tue, Jan 27, 2009 at 10:01 AM, shirish <shirishag75(a)gmail.com> wrote:
Hi Steve,
sorry for jumping on the thread. I am on kernel 2.6.27 and there is
a big possibility I haven't really understood your command.
You gave
tcpdump -s0 -w <output>.cap host <youripaddress>
I used :-
tcpdump -s0 -w output.cap host 59.95.28.28
(ouput.cap most probably is a file-name and the IP Address is the IP
Address being assigned by my provider)
but both for this I get
tcpdump: no suitable device found
Did you try it as root? I tried the same comand as root and non-root.
Got the same error as you have got, when run as non-root. Worked when
done as root.
--
"I once witnessed a long-winded, month-long flamewar over the use of
mice vs. trackballs...It...
8:26 a.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
Reply in-line :-
On Tue, Jan 27, 2009 at 10:36, Mehul Ved <mehul.n.ved(a)gmail.com> wrote:
On Tue, Jan 27, 2009 at 10:01 AM, shirish
<shirishag75(a)gmail.com> wrote:
Hi Mehul,
Thanks for replying. Got it working, had to modify the command
just a bit.
$ sudo tcpdump -s0 -i eth1 -w output.cap host 59.95.28.28
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
65535 bytes
^C34 packets captured
36 packets received by filter
0 packets dropped by kernel
Then ran wireshark on output.cap and was able to see the results.
It is a pretty good tool. Trying to find more about the same.
Hi Steve,
sorry for jumping on the thread. I am on kernel 2.6.27 and there is
a big possibility I haven't really understood your command.
You gave
tcpdump -s0 -w <output>.cap host <youripaddress>
I used :-
tcpdump -s0 -w output.cap host 59.95.28.28
(ouput.cap most probably is a file-name and the IP Address is the IP
Address being assigned by my provider)
but both for this I get
tcpdump: no suitable device found
Did you try it as root? I tried the same comand as root and non-root.
Got the same error as you have got, when run as non-root. Worked when
done as root. --
"I once witnessed a long-winded, month-long flamewar over the use of
mice vs. trackballs...It...
--
Regards,
Shirish Agarwal
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
8:30 a.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
Reply in-line :-
On Tue, Jan 27, 2009 at 13:56, shirish <shirishag75(a)gmail.com> wrote:
<snip>
$ sudo tcpdump -s0 -i eth1 -w output.cap host
59.95.28.28
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
65535 bytes
^C34 packets captured
36 packets received by filter
0 packets dropped by kernel
I dunno what is this capture size is 65535 bytes and what it is being
influenced by?
--
Regards,
Shirish Agarwal
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
11:31 p.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
shirish wrote:
--
Linux Centric Marketplace: http://www.tuxcompatible.com
Reply in-line :-
On Tue, Jan 27, 2009 at 13:56, shirish <shirishag75(a)gmail.com> wrote:
<snip>
That is the number of bytes the tcpdump defaults to capturing with the -s0
option. From the tcpdump manpage ...
-s Snarf snaplen bytes of data from each packet ....Setting snaplen to
0 means use the required length to catch whole packets.
eg:
[root@laptop ~]# tcpdump -s1500 -w output.cap host 59.95.28.28
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 1500 bytes
^C0 packets captured
...
...
HTH
- steve
$ sudo tcpdump -s0 -i eth1 -w output.cap host
59.95.28.28
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
65535 bytes
^C34 packets captured
36 packets received by filter
0 packets dropped by kernel
I dunno what is this capture size is 65535 bytes and what it is being
influenced by?
1:55 p.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
Addition
On Tue, Jan 27, 2009 at 13:56, shirish <shirishag75(a)gmail.com> wrote:
Reply in-line :-
<snip>
Hi Mehul,
Thanks for replying. Got it working, had to modify the command
just a bit.
$ sudo tcpdump -s0 -i eth1 -w output.cap host 59.95.28.28
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size
65535 bytes
^C34 packets captured
36 packets received by filter
0 packets dropped by kernel
<snip>
Also isn't it queer that it showing link-type EN10MB (Ethernet)
from what I know its supposed to be a 100 mbps ethernet card.
$ lspci | grep Realtek
03:02.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8139/8139C/8139C+ (rev 10)
--
Regards,
Shirish Agarwal
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
--
Regards,
Shirish Agarwal
My quotes in this email licensed under CC 3.0
http://creativecommons.org/licenses/by-nc/3.0/
http://flossexperiences.wordpress.com
065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17
11:38 p.m.
New subject: howto use tcpdump, was kget can resume downloads, other download managers can't
shirish wrote:
Also isn't it queer that it showing link-type
EN10MB (Ethernet)
from what I know its supposed to be a 100 mbps ethernet card.
$ lspci | grep Realtek
03:02.0 Ethernet controller: Realtek Semiconductor Co., Ltd.
RTL-8139/8139C/8139C+ (rev 10)
Heh, I had to google for this, because, it showed the same for me, and the weird
part is I had never really noticed it till now (although i keep using tcpdump
every once in a while).
Answer is fairly simple ...
http://www.usenet-forums.com/linux-networking/69123-tcpdump.html
cheers,
- steve
--
Linux Centric Marketplace: http://www.tuxcompatible.com
5431
days inactive
5431
days old
6 comments
3 participants
participants (3)
-
Mehul Ved -
shirish -
steve