postIt » TCP https://lakm.us/postit Post-It sticky notes with PasteBin sense Thu, 02 Jan 2025 01:33:57 +0000 en-US hourly 1 http://wordpress.org/?v=4.0.18 tcpdump default truncate to 68 bytes sna … https://lakm.us/postit/2011/06/tcpdump-default-truncate-to-68-bytes-sna/ https://lakm.us/postit/2011/06/tcpdump-default-truncate-to-68-bytes-sna/#comments Wed, 15 Jun 2011 04:57:28 +0000 http://xp-racy.lan/postit/?p=132 tcpdump default truncate to 68 bytes snapshot length (snaplen). Use -s 0 to capture all packet length

tcpdump -s 0 -w /tmp/my240.dump -i eth1 port 2000
]]> https://lakm.us/postit/2011/06/tcpdump-default-truncate-to-68-bytes-sna/feed/ 0 In Wireshark If coloring of TCP analysi … https://lakm.us/postit/2010/08/in-wiresharkif-coloring-of-tcp-analysi/ https://lakm.us/postit/2010/08/in-wiresharkif-coloring-of-tcp-analysi/#comments Tue, 03 Aug 2010 10:52:38 +0000 http://xp-racy.lan/postit/?p=102 Preferences > Protocols > TCP]]> In Wireshark
If coloring of TCP analysis is disturbing i.e. black higlights, uncheck the “Validate the TCP checksum if possible” in Edit > Preferences > Protocols > TCP

]]> https://lakm.us/postit/2010/08/in-wiresharkif-coloring-of-tcp-analysi/feed/ 0 For SCAPv1 diameter TCP port in Wireshar … https://lakm.us/postit/2010/08/for-scapv1-diameter-tcp-port-in-wireshar/ https://lakm.us/postit/2010/08/for-scapv1-diameter-tcp-port-in-wireshar/#comments Tue, 03 Aug 2010 03:28:53 +0000 http://xp-racy.lan/postit/?p=101 Preferences > Protocols must be altered from standard 3868 to 1812]]> For SCAPv1 diameter TCP port in Wireshark Edit > Preferences > Protocols must be altered from standard 3868 to 1812

]]> https://lakm.us/postit/2010/08/for-scapv1-diameter-tcp-port-in-wireshar/feed/ 0 Filter out initial SYN (flags 0x02) of T … https://lakm.us/postit/2010/03/filter-out-initial-syn-flags-0x02-of-t/ https://lakm.us/postit/2010/03/filter-out-initial-syn-flags-0x02-of-t/#comments Sun, 21 Mar 2010 00:03:24 +0000 http://xp-racy.lan/postit/?p=44 Filter out initial SYN (flags 0x02) of TCP connection from specific source and destination:
tcp.flags == 0x02 and ip.src == 10.201.62.78 and ip.dst == 10.201.62.249

A series of sync packets will appear as:

1
2
3
4
5
6
7

No.     Time        Source                Destination           Protocol Info
      1 0.000000    10.201.62.78          10.201.62.249         TCP      53161 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
      4 0.001124    10.201.62.78          10.201.62.249         TCP      53162 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
      7 0.001556    10.201.62.78          10.201.62.249         TCP      53163 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
     16 0.006334    10.201.62.78          10.201.62.249         TCP      53164 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
     20 0.009590    10.201.62.78          10.201.62.249         TCP      53165 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0
     24 0.011687    10.201.62.78          10.201.62.249         TCP      53166 > 10010 [SYN] Seq=0 Win=49640 Len=0 MSS=1460 WS=0

In the above specific case, multiple ports i.e. 53163, 53162, etc. is starting conversation with port 10010 by sending out sync packets.

]]> https://lakm.us/postit/2010/03/filter-out-initial-syn-flags-0x02-of-t/feed/ 0