From: John O Laoi on
> #tcpdump port 4957
> I want to obtain the payload data to see what is really being exchanged
> between my Debian server and the outside network element. Can you please
> let me know how I can modify my command?

Try
tcpdump host <IP-addr-deb-server> and port 4957

This will grab all packets to and from the server, which are to or
from port 4957

If you want traffic in one direction only, you can use "src host" or
"dst host" instead of "host", and/or
"src port" or "dst port" instead of "port".

You could add -s 0 to ensure you grab entire packets regardless of
size, and -v, -vv or -vvv if you need more details on packets.


John


--
To UNSUBSCRIBE, email to debian-user-REQUEST(a)lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster(a)lists.debian.org
Archive: http://lists.debian.org/1f1816a91002200315o39f14dbdsd6376f5a3b9ec2f6(a)mail.gmail.com
From: Camaleón on
On Sat, 20 Feb 2010 11:06:26 +0000, Hadi Motamedi wrote:

>> Does "tcpshow" helps?

(...)

> I tried to install 'tcpshow' on my Debian, but 'apt-cache search
> tcpshow' didn't return anything. Can you please give me a hint?

Mmm, you're right. It seems that package is not available in Debian's
repos :-?

Anyway, have you tried to save the file with "tcpdump -w" and then read
it with "tcpdump -r" switch?

Greetings,

--
Camaleón


Archive: http://lists.debian.org/pan.2010.02.20.11.44.35(a)gmail.com
From: Hadi Motamedi on
> Date: Sat, 20 Feb 2010 11:15:33 +0000
> Subject: tcpdump?
> From: brianolaoi(a)gmail.com
> To: debian-user(a)lists.debian.org
>
> > #tcpdump port 4957
> > I want to obtain the payload data to see what is really being exchanged
> > between my Debian server and the outside network element. Can you please
> > let me know how I can modify my command?
>
> Try
> tcpdump host <IP-addr-deb-server> and port 4957
>
> This will grab all packets to and from the server, which are to or
> from port 4957
>
> If you want traffic in one direction only, you can use "src host" or
> "dst host" instead of "host", and/or
> "src port" or "dst port" instead of "port".
>
> You could add -s 0 to ensure you grab entire packets regardless of
> size, and -v, -vv or -vvv if you need more details on packets.
>
>
> John
>
I tried as the following :

#tcpdump -s 0 -vvv port 4957

But the output does not have additional data over the 'tcpdump port 4957' output. Can you please let me know what is wrong here?
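
Added example, not code from any poster on this thread. The filter expressions John gives decide which packets are captured, and -s 0 decides how much of each packet is kept, but neither -s nor -v/-vvv prints the payload: -v only adds header detail, which is why a `-s 0 -vvv` run looks like the plain `port 4957` run. The payload is printed by `-X` (hex plus ASCII) or `-A` (ASCII only), and Camaleón's `-w`/`-r` round trip lets you do that later from a file. The Python below, written for this page, builds a small pcap from constructed UDP traffic, applies the equivalent of `host 192.0.2.10 and udp port 4957`, and dumps each matching payload in the `-X` layout. It also writes the same traffic with a 68-byte snaplen to show what a short capture loses, i.e. what `-s 0` prevents. The server address, the peer address and the payload bytes are made up, and the parser assumes an Ethernet link type in the file.

```python
"""Dump UDP payloads from a pcap for 'host H and udp port 4957', the way
tcpdump -nn -r capture.pcap -X 'host H and udp port 4957' would print them.
Added example for this thread; the traffic below is constructed."""
import struct
import sys

PORT = 4957
SERVER = '192.0.2.10'            # assumed address of the Debian server
ETH_IPV4 = b'\x08\x00'
PROTO_UDP = 17


def _ipbytes(dotted):
    return bytes(int(x) for x in dotted.split('.'))


def udp_frame(src_ip, sport, dst_ip, dport, payload):
    """Ethernet/IPv4/UDP frame; checksums are left zero, which parsers ignore."""
    eth = bytes(range(0x00, 0x06)) + bytes(range(0x10, 0x16)) + ETH_IPV4
    udp = struct.pack('!HHHH', sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 20 + len(udp), 1, 0, 64,
                     PROTO_UDP, 0, _ipbytes(src_ip), _ipbytes(dst_ip))
    return eth + ip + udp


def build_pcap(frames, snaplen=65535):
    """Classic little-endian pcap. Frames longer than snaplen are cut exactly
    as a capture taken with that -s value would be; -s 0 means 'no cut'."""
    out = bytearray(struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, snaplen, 1))
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack('<IIII', 1266660000 + i, 0, len(kept), len(frame))
        out += kept
    return bytes(out)


def udp_payloads(pcap, port, host=None):
    """Yield (src, dst, payload, truncated) for packets that match
    'udp port PORT' and, when host is given, 'host HOST'."""
    if struct.unpack_from('<I', pcap, 0)[0] != 0xa1b2c3d4:
        raise ValueError('not a little-endian classic pcap')
    off = 24
    while off + 16 <= len(pcap):
        _, _, incl, _ = struct.unpack_from('<IIII', pcap, off)
        off += 16
        frame = pcap[off:off + incl]
        off += incl
        if len(frame) < 42 or frame[12:14] != ETH_IPV4:
            continue                  # not IPv4, or too short for a UDP header
        ip = frame[14:]
        ihl = (ip[0] & 0x0f) * 4
        if ip[9] != PROTO_UDP:
            continue
        src = '.'.join(map(str, ip[12:16]))
        dst = '.'.join(map(str, ip[16:20]))
        udp = ip[ihl:]
        if len(udp) < 8:
            continue
        sport, dport, ulen, _ = struct.unpack_from('!HHHH', udp, 0)
        if port not in (sport, dport):
            continue
        if host is not None and host not in (src, dst):
            continue
        payload = udp[8:ulen]
        # ulen is the length the sender wrote; a short snaplen shows up here
        yield f'{src}.{sport}', f'{dst}.{dport}', payload, len(payload) < ulen - 8


def hexdump(data, width=16):
    """tcpdump -X layout: offset, hex bytes, printable ASCII (others as '.')."""
    lines = []
    for i in range(0, len(data), width):
        chunk = data[i:i + width]
        hexs = ' '.join(f'{b:02x}' for b in chunk)
        asc = ''.join(chr(b) if 32 <= b < 127 else '.' for b in chunk)
        lines.append(f'0x{i:04x}:  {hexs:<{width * 3}} {asc}')
    return '\n'.join(lines)


# Constructed sample: the server exchanges two datagrams on port 4957 with
# 198.51.100.7, plus one DNS query that the filter must drop.
FRAMES = [
    udp_frame('198.51.100.7', 40000, SERVER, PORT, b'HELLO server, seq=1\n'),
    udp_frame(SERVER, PORT, '198.51.100.7', 40000, b'ACK seq=1 ' + b'X' * 80),
    udp_frame(SERVER, 53000, '192.0.2.1', 53, b'\x12\x34\x01\x00'),
]
FULL = build_pcap(FRAMES)                # what 'tcpdump -s 0 -w' keeps
SHORT = build_pcap(FRAMES, snaplen=68)   # old tcpdump default: 68 bytes


def summarise(pcap, host=None):
    """[(src, dst, payload_len, truncated)] for matching packets."""
    return [(s, d, len(p), t) for s, d, p, t in udp_payloads(pcap, PORT, host)]


if __name__ == '__main__':
    # Pass a file written with 'tcpdump -w' to dump it instead of the sample.
    pcap = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else FULL
    for s, d, p, t in udp_payloads(pcap, PORT, host=SERVER):
        print(f'{s} > {d}: UDP, length {len(p)}{" (truncated)" if t else ""}')
        print(hexdump(p))
```

On the live box the equivalent is `tcpdump -nn -s 0 -X 'host <IP-addr-deb-server> and udp port 4957'`, or `-w cap.pcap` first and `tcpdump -nn -r cap.pcap -X` afterwards (the script above also reads such a file when given its path); `-nn` keeps addresses and ports numeric, which is how the script prints them. In the 68-byte run the second datagram comes back with only 26 of its 90 payload bytes and is flagged as truncated, which is exactly the loss -s 0 avoids.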
From: Brent Clark on
On 20/02/2010 12:48, Hadi Motamedi wrote:
>
> I tried the following:
> #tcpflow -c port 4957
> But it didn't produce any output. Can you please give me a hint?

OK, let's start with a silly question.

show us

netstat -nalptu | grep 4957

I.e., do you actually have something listening on that port?

Brent


Archive: http://lists.debian.org/4B800505.6080104(a)gmail.com
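
Added example, not Brent's code. `netstat -nalptu` ultimately reads /proc/net/tcp and /proc/net/udp, where addresses and ports are stored as hex (4957 is 135D, and the IPv4 word is in host byte order), so the decoding below is what turns those rows into the decimal the grep looks for. It answers Brent's question more precisely than a bare grep: only a bound UDP socket or a TCP socket in LISTEN can receive new traffic on the port, whereas an established TCP connection that happens to use 4957 would also match `grep 4957`. The sample rows are constructed; on a Linux box the script additionally reads the real files. Mapping the inode to a PID, which netstat -p does, needs root and is left out.

```python
"""Is anything bound to port 4957? Decodes /proc/net/{tcp,udp}, which is what
netstat -nalptu reads (the -p PID column needs root and is not done here).
Added example; the sample rows are constructed."""
import socket
import struct

PORT = 4957
TCP_LISTEN, UDP_UNCONN = 0x0A, 0x07   # 'st' values: listening TCP, bound UDP

SAMPLE_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 00000000:135D 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 12345 2 0000000000000000 0
  27: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 9876 2 0000000000000000 0
"""
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1111 1 0000000000000000 100 0 0 10 0
   1: 0A0200C0:135D 0100A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 2222 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(field):
    """'0100007F:0035' -> ('127.0.0.1', 53): the IPv4 word is host-endian hex
    (little-endian on x86), the port is plain big-endian hex."""
    ip_hex, port_hex = field.split(':')
    return socket.inet_ntoa(struct.pack('<I', int(ip_hex, 16))), int(port_hex, 16)


def parse_proc_net(text, proto):
    rows = []
    for line in text.splitlines()[1:]:          # first line is the header
        f = line.split()
        if len(f) < 10:
            continue
        rows.append({'proto': proto, 'local': decode_addr(f[1]),
                     'remote': decode_addr(f[2]), 'state': int(f[3], 16),
                     'inode': int(f[9])})
    return rows


def listeners_on(port, udp_text, tcp_text):
    """Sockets that can receive new traffic on the port: bound UDP sockets and
    TCP sockets in LISTEN. The established TCP row on 135D in the sample is
    deliberately not counted, which a bare grep on netstat output would miss."""
    rows = parse_proc_net(udp_text, 'udp') + parse_proc_net(tcp_text, 'tcp')
    return [r for r in rows if r['local'][1] == port and
            r['state'] == (UDP_UNCONN if r['proto'] == 'udp' else TCP_LISTEN)]


def describe(rows):
    return [f"{r['proto']} {r['local'][0]}:{r['local'][1]} inode={r['inode']}"
            for r in rows]


if __name__ == '__main__':
    print('sample:', describe(listeners_on(PORT, SAMPLE_UDP, SAMPLE_TCP)))
    try:   # live check, Linux only
        with open('/proc/net/udp') as u, open('/proc/net/tcp') as t:
            print('live:', describe(listeners_on(PORT, u.read(), t.read())))
    except OSError as e:
        print('live check skipped:', e)
```

One caveat that ties this back to the capture question: if the socket turns out to be bound to 127.0.0.1 rather than 0.0.0.0 or the server's own address, datagrams from the outside element are never accepted, and a capture on the external interface will only ever show the inbound half; traffic between local processes is only visible with `tcpdump -i lo`.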
From: Alex Samad on
On Sat, Feb 20, 2010 at 07:22:29AM +0000, Hadi Motamedi wrote:

[snip]

> > try wireshark

[snip]

>
> I have Wireshark on my MS Windows platform. I captured the tcpdump output in a file and opened it in Wireshark, but I cannot find how to decode the UDP payload data in ASCII format. Can you please let me know how I can do that in Wireshark?
>

So first, you are trying to look at the data that is being sent to/from
exchange. You are trying to decode the UDP packets?

If so, then if anything out of the box can do it, that would be
Wireshark. By default (at least on the Linux/Debian version), it comes
with a lot of decoders. Select the packet you are looking into and drill
down; you should have three windows of different information. With the
bottom window you can view the payload, and if Wireshark can decode it,
it will into something more sensible. But if it's been encrypted then you
are going to need the keys or a lot of money and time.


Why not explain what you are trying to do, your main goal?