Search Results

Search found 1594 results on 64 pages for 'packet sniffers'.

Page 11/64 | < Previous Page | 7 8 9 10 11 12 13 14 15 16 17 18  | Next Page >

  • PCAP Web Service Usage Logging for Dummies

    - by nick
    I've been assigned the task (for work) of working with PCAP for the first time in my life. I've read through the tutorials and have hacked together a real simple capture program which, it turns out, isn't that hard. However, making use of the data is more difficult. My goal is to log incoming and outgoing web service requests. Are there libraries (C or C++) that stitch together the packets from PCAP that would make reporting on this simple? Barring that, is there something short of reading all of the RFCs from soup to nuts that will allow me to have an "ah-ha!" moment (all of the tutorials seem to stop at the raw packet level, which isn't useful for me)? It looks like Perl has a library that may do this and I may eventually attempt a reverse engineer from Perl. NOTA BENE: Web server logs aren't acceptable here as I will be intercepting on a routing device. If I had access to those I'd be done and happy... I don't.

  • Capture IP packets on Dialup connection - Windows 7

    - by Assaf Levy
    Our product utilizes (the wonderful) WinPcap to capture IP packets from all devices with an IP address and analyze them in real time. Unfortunately, we discovered that it does NOT capture any packets on dialup (e.g. PPP) connections on Windows 7, and that there are no near-term plans for enabling this (1). So we need something else. Microsoft Network Monitor and Windows Packet Filter are two options that surfaced during a bit of googling, but before delving into research I wanted to ask the experienced: what are our options, given the following requirements: Capture all in/outbound IP packets on the machine. Complete background processing - no UI should be involved. Support Windows Vista / 7. Performance (user should not feel the difference). Thanks in advance.

  • How do I fix issue causing "incomplete startup packet" log message trying to implement replication in Postgresql?

    - by colour me brad
    I've got two cloud servers running Ubuntu 13.04 and PostgreSQL 9.2. I've primarily used this blog post to aid me in setting things up. However, to do the initial database dump to the slave I'm using pg_start_backup/pg_stop_backup strategy used in this other blog post. I've read through the docs and postgres wikis as well. I ran into several problems I was able to solve, but I can't get past this wretched "the database is starting up" failure. I'm not sure if seeing "cp: cannot stat '/var/lib/postgresql/9.2/archive/00000001000000000000003A': No such file or directory" after "consistent recover state reached" is normal or the first sign of a problem. The searching I've done on "the database is starting up" and "incomplete startup packet" tells me that something is sending empty TCP packets to the slave. The only thing that even knows about the slave is the master, so I'm not sure why it's sending empty packets... Has anyone worked with this and have an idea what might be going wrong? The postgres log on the slave looks like so:

    2013-08-26 13:01:38 CDT LOG: entering standby mode
    2013-08-26 13:01:38 CDT LOG: restored log file "000000010000000000000039" from archive
    2013-08-26 13:01:38 CDT LOG: incomplete startup packet
    2013-08-26 13:01:39 CDT LOG: redo starts at 0/39000020
    2013-08-26 13:01:39 CDT LOG: consistent recovery state reached at 0/390000E0
    cp: cannot stat '/var/lib/postgresql/9.2/archive/00000001000000000000003A': No such file or directory
    2013-08-26 13:01:39 CDT LOG: streaming replication successfully connected to primary
    2013-08-26 13:01:39 CDT FATAL: the database system is starting up
    2013-08-26 13:01:39 CDT FATAL: the database system is starting up
    2013-08-26 13:01:40 CDT FATAL: the database system is starting up
    2013-08-26 13:01:40 CDT FATAL: the database system is starting up
    2013-08-26 13:01:41 CDT FATAL: the database system is starting up
    2013-08-26 13:01:42 CDT FATAL: the database system is starting up
    2013-08-26 13:01:42 CDT FATAL: the database system is starting up
    2013-08-26 13:01:43 CDT FATAL: the database system is starting up
    2013-08-26 13:01:43 CDT FATAL: the database system is starting up
    2013-08-26 13:01:44 CDT FATAL: the database system is starting up
    2013-08-26 13:01:44 CDT FATAL: the database system is starting up
    2013-08-26 13:01:44 CDT LOG: incomplete startup packet
    2013-08-26 13:03:27 CDT FATAL: the database system is starting up
    2013-08-26 13:03:27 CDT FATAL: the database system is starting up
    2013-08-26 13:03:30 CDT FATAL: the database system is starting up
    2013-08-26 13:03:30 CDT FATAL: the database system is starting up

    thanks! brad

  • Other Ideas to troubleshoot Cisco IPSec VPN on OSX?

    - by Tawm
    We have one user running OSX Snow Leopard who is having issues staying connected to our VPN running off of an ASA5510. His connection can die even as he's actively pushing traffic across it or if he's been idle for a period of time. Other users on Snow Leopard, Lion, XP, Vista, 7 and various linux flavors are able to stay connected for 24hrs+ without issue. We've deleted and remade the connection in System Preferences Networking, ran killall racoon (kills any lingering connections). Below are the logs from the user's system.log from a connect/disconnect cycle:

    Oct 10 21:22:25 username racoon[8192]: Connecting.
    Oct 10 21:22:25 username racoon[8192]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 1).
    Oct 10 21:22:25 username racoon[8192]: IKEv1 Phase1 AUTH: success. (Initiator, Aggressive-Mode Message 2).
    Oct 10 21:22:25 username racoon[8192]: IKE Packet: receive success. (Initiator, Aggressive-Mode message 2).
    Oct 10 21:22:25 username racoon[8192]: IKEv1 Phase1 Initiator: success. (Initiator, Aggressive-Mode).
    Oct 10 21:22:25 username racoon[8192]: IKE Packet: transmit success. (Initiator, Aggressive-Mode message 3).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Mode-Config message).
    Oct 10 21:22:29 username racoon[8192]: IKEv1 XAUTH: success. (XAUTH Status is OK).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Mode-Config message).
    Oct 10 21:22:29 username racoon[8192]: IKEv1 Config: retransmited. (Mode-Config retransmit).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (MODE-Config).
    Oct 10 21:22:29 username configd[14]: event_callback: Address added. previous interface setting (name: en1, address: 192.168.0.100), current interface setting (name: utun0, family: 1001, address: 10.215.8.53, subnet: 255.0.0.0, destination: 10.215.8.53).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Oct 10 21:22:29 username configd[14]: network configuration changed.
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Oct 10 21:22:29 username racoon[8192]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Oct 10 21:22:29 username racoon[8192]: Connected.
    Oct 10 21:22:29 username configd[14]: SCNCController: Connected.
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 1).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: receive success. (Initiator, Quick-Mode message 2).
    Oct 10 21:22:29 username racoon[8192]: IKE Packet: transmit success. (Initiator, Quick-Mode message 3).
    Oct 10 21:22:29 username racoon[8192]: IKEv1 Phase2 Initiator: success. (Initiator, Quick-Mode).
    Oct 10 21:22:47 username login[8200]: USER_PROCESS: 8200 ttys003
    Oct 10 21:22:48 username GrowlHelperApp[160]: Periodic CFURLCache Insert stats (iters: 17240) - Tx time:0.001749, # of Inserts: 1, # of bytes written: 304, Did shrink: NO, Size of cache-file: 26624, Num of Failures: 0
    Oct 10 21:25:24 username login[7367]: DEAD_PROCESS: 7367 ttys002
    Oct 10 21:25:31 username login[7907]: DEAD_PROCESS: 7907 ttys001
    Oct 10 21:27:32 username configd[14]: SCNCController: Disconnecting. (Connection was up for, 303 seconds).
    Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message).
    Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
    Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message).
    Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete IPSEC-SA).
    Oct 10 21:27:32 username racoon[8192]: IKE Packet: transmit success. (Information message).
    Oct 10 21:27:32 username racoon[8192]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
    Oct 10 21:27:32 username racoon[8192]: Disconnecting. (Connection was up for, 302.766105 seconds).
    Oct 10 21:27:32 username configd[14]: network configuration changed.
    Oct 10 21:27:34 username login[8200]: DEAD_PROCESS: 8200 ttys003

  • What is causing a vm to exhibit packet loss?

    - by d03boy
    We have a pretty nice piece of hardware set up to run multiple virtual machines in vmware and one of the vm's is an instance of Windows Server 2003 running SQL Server 2005. For some reason we occasionally see 10-20 seconds of straight packet loss to this machine from remote machines (my workstation) as well as other vm's on the same physical hardware. I am using PingPlotter to keep a close eye on the packet loss. So far we've turned off flow control on the NIC but we are already running out of other things to try. What might be causing this and how can I identify the problem? Note: We also have another server with a very similar configuration with the same type of problem to a lesser extent (because it's not used as heavily?)

  • How to get more NFS packet details from Wireshark?

    - by Joe Swanson
    How can I get Wireshark to give me details about NFS packets at this level of granularity? (as exemplified here) Specifically, I am interested in looking at the "Stable" option toward the bottom. When I analyze captured packets (whether by capturing directly via Wireshark, importing from a tshark dump, or importing from a tcpdump dump), I do not see a "Network File System" section in the packet details. I only get general TCP information. It recognizes that a packet is destined for an NFS port, but I am not able to see these details. Any ideas?

  • What is causing a vm to exhibit packet loss?

    - by Joe Philllips
    We have a pretty nice piece of hardware set up to run multiple virtual machines in vmware and one of the vm's is an instance of Windows Server 2003 running SQL Server 2005. For some reason we occasionally see 10-20 seconds of straight packet loss to this machine from remote machines (my workstation) as well as other vm's on the same physical hardware. I am using PingPlotter to keep a close eye on the packet loss. So far we've turned off flow control on the NIC but we are already running out of other things to try. What might be causing this and how can I identify the problem? Note: We also have another server with a very similar configuration with the same type of problem to a lesser extent (because it's not used as heavily?)

  • Attempting to cause packet loss with netem doesn't work - possibly because of NAT (but delay does work)

    - by tomdee
    I have traffic from a WIFI access point routed via an Ubuntu box. I have two network interfaces which are NATed

    *filter
    :INPUT ACCEPT [11:690]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [37:6224]
    -A FORWARD -s 192.168.2.0/24 -i eth1 -o eth0 -m conntrack --ctstate NEW -j ACCEPT
    -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    COMMIT
    # Completed on Thu Mar 15 13:37:21 2012
    # Generated by iptables-save v1.4.10 on Thu Mar 15 13:37:21 2012
    *nat
    :PREROUTING ACCEPT [0:0]
    :INPUT ACCEPT [0:0]
    :OUTPUT ACCEPT [0:0]
    :POSTROUTING ACCEPT [0:0]
    -A POSTROUTING -j MASQUERADE
    COMMIT

    If I run a ping app on an Android device connected to the WIFI network I can happily ping google. If I use netem to introduce some delay

    tc qdisc change dev eth0 root netem delay 100ms

    I can clearly see pings taking longer. If I use netem to introduce some packet loss

    tc qdisc change dev ifb0 root netem loss 50%

    then I see no change. Packet loss does work fine for locally generated traffic, just not for traffic coming in over the network that's being NATed. Any ideas how to sort this out?

  • tcpdump on dd-wrt router

    - by Senica Gonzalez
    I'm trying to capture packets from two devices on my network. I have tcpdump installed on my dd-wrt router and working correctly. However, the only packets I capture are broadcast packets when using a tcpdump statement that states only those two devices

    ./tcpdump -w /tmp/capture.pcap dst 192.168.3.105 or src 192.168.3.105 or dst 192.168.3.136 or src 192.168.3.136

    I'm capturing on interface br0. Is that correct? Both devices are plugged in directly to the ports 1 and 2 with IP addresses 192.168.3.105 and 192.168.3.136 respectively. Do I need to set br0 in promiscuous mode? A little stuck. Thanks.

  • Issue reading packets from a pcap file. dpkt

    - by Chris
    I am running the following test script to try to read packets from a sample .pcap file I have downloaded.

    import socket
    import dpkt
    import sys
    pcapReader = dpkt.pcap.Reader(file("test1.pcap", "rb"))
    for ts, data in pcapReader:
        ether = dpkt.ethernet.Ethernet(data)
        if ether.type != dpkt.ethernet.ETH_TYPE_IP: raise
        ip = ether.data
        src = socket.inet_ntoa(ip.src)
        dst = socket.inet_ntoa(ip.dst)
        print "%s -> %s" % (src, dst)

    For some reason, this is not being interpreted properly. When running it, I get

    KeyError: 138
    module body in test.py at line 4
    function __init__ in pcap.py at line 105
    Program exited.

    Why is this? What's wrong?

  • Network programming and Packets interactions.

    - by Eyla
    Greetings, This month I will start working on my master's thesis. My thesis's subject is about network security. I need to deal with network interfaces and packets. I've used SharpPcap before to interact with packets but I'm not sure if C# is the most powerful language to deal with network programming and packets. I worked a bit with Wireshark and I saw how powerful it is and, as you know, Wireshark is open source developed using C++. I'm not sure if I should use C# or C++ for network security programming and I want your thoughts about what the best language might be for network programming and packet interaction. Should I use C#, C++, or Java or something else? Please give me your advice. Thank you,

  • How to capture HTTP response with C#?

    - by Mika Kolari
    How do I capture HTTP response when the request is made by web browser? Webpage retrieves data (with post) from a service. Service returns a json object. What I want is to capture that json and parse it in realtime. What would be the simplest way to do it?

  • extract payload from tcpflow output

    - by Felipe Alvarez
    Tcpflow outputs a bunch of files, many of which are HTTP responses from a web server. Inside, they contain HTTP headers, including Content-type: , and other important ones. I'm trying to write a script that can extract just the payload data (i.e. image/jpeg; text/html; et al.) and save it to a file [optional: with an appropriate name and file extension]. The EOL chars are \r\n (CRLF) and so this makes it difficult to use in GNU distros (in my experiences). I've been trying something along the lines of: sed /HTTP/,/^$/d To delete all text from the beginning of HTTP (incl) to the end of \r\n\r\n (incl) but I have found no luck. I'm looking for help from anyone with good experience in sed and/or awk. I have zero experience with Perl, please I'd prefer to use common GNU command line utilities for this. Find a sample tcpflow output file here. Thanks, Felipe

  • missing elements from pcap?

    - by Matthew
    When I check the attributes available to the module pcap, I expect to see something like

    ['DLT_AIRONET_HEADER', 'DLT_APPLE_IP_OVER_IEEE1394', 'DLT_ARCNET', 'DLT_ARCNET_LINUX', 'DLT_ATM_CLIP', 'DLT_ATM_RFC1483', 'DLT_AURORA', 'DLT_AX25', 'DLT_CHAOS', 'DLT_CISCO_IOS', 'DLT_C_HDLC', 'DLT_DOCSIS', 'DLT_ECONET', 'DLT_EN10MB', 'DLT_EN3MB', 'DLT_ENC', 'DLT_FDDI', 'DLT_FRELAY', 'DLT_IEEE802', 'DLT_IEEE802_11', 'DLT_IEEE802_11_RADIO', 'DLT_IEEE802_11_RADIO_AVS', 'DLT_IPFILTER', 'DLT_IP_OVER_FC', 'DLT_JUNIPER_ATM1', 'DLT_JUNIPER_ATM2', 'DLT_JUNIPER_ES', 'DLT_JUNIPER_GGSN', 'DLT_JUNIPER_MFR', 'DLT_JUNIPER_MLFR', 'DLT_JUNIPER_MLPPP', 'DLT_JUNIPER_MONITOR', 'DLT_JUNIPER_SERVICES', 'DLT_LINUX_IRDA', 'DLT_LINUX_SLL', 'DLT_LOOP', 'DLT_LTALK', 'DLT_NULL', 'DLT_PFLOG', 'DLT_PPP', 'DLT_PPP_BSDOS', 'DLT_PPP_ETHER', 'DLT_PPP_SERIAL', 'DLT_PRISM_HEADER', 'DLT_PRONET', 'DLT_RAW', 'DLT_RIO', 'DLT_SLIP', 'DLT_SLIP_BSDOS', 'DLT_SUNATM', 'DLT_SYMANTEC_FIREWALL', 'DLT_TZSP', 'builtins', 'doc', 'file', 'name', '_newclass', '_object', '_pcap', '_swig_getattr', '_swig_setattr', 'aton', 'dltname', 'dltvalue', 'findalldevs', 'lookupdev', 'lookupnet', 'ntoa', 'pcapObject', 'pcapObjectPtr']

    With note on pcapObject. However, all I get when running dir(pcap) is

    ['DLT_ARCNET', 'DLT_AX25', 'DLT_CHAOS', 'DLT_EN10MB', 'DLT_EN3MB', 'DLT_FDDI', 'DLT_IEEE802', 'DLT_LINUX_SLL', 'DLT_LOOP', 'DLT_NULL', 'DLT_PFLOG', 'DLT_PFSYNC', 'DLT_PPP', 'DLT_PRONET', 'DLT_RAW', 'DLT_SLIP', 'author', 'builtins', 'copyright', 'doc', 'file', 'license', 'name', 'url', 'version', 'bpf', 'dltoff', 'ex_name', 'lookupdev', 'pcap', 'sys']

    Noting the lack of pcapObject. Why is this? What could cause this?

  • Python port forwarding/multiplexing server

    - by Ib33X
    I would like to make a server that listens on UDP port 162 (SNMP trap) and then forwards this traffic to multiple clients. Also important is that the source port & address stay the same (address spoofing). I guess that the best tool for this would be Twisted or Scapy or maybe vanilla sockets, only I can't find anything in the documentation for Twisted about source address spoofing/forging. What would you recommend me to do? Edit: added bounty

  • libnet that properly calculates checksum on IPV6

    - by VeaEm
    I have recently started playing around with libnet and using it to generate IPV6 packets. I am very new at programming, however, I am quite happy with the library. I have one problem with it though. It seems that libnet currently does not have the ability to properly calculate checksums on IPV6 packets. Being so new to programming, I am not yet capable of fixing this problem (although I am learning, so that one day I can). I am curious, has anyone run across a version of the library that can do this properly? Thanks!

  • Scapy install issues. Nothing seems to actually be installed?

    - by Chris
    I have an apple computer running Leopard with python 2.6. I downloaded the latest version of scapy and ran "python setup.py install". All went according to plan. Now, when I try to run it in interactive mode by just typing "scapy", it throws a bunch of errors. What gives! Just in case, here is the FULL error message..

    INFO: Can't import python gnuplot wrapper . Won't be able to plot.
    INFO: Can't import PyX. Won't be able to use psdump() or pdfdump().
    ERROR: Unable to import pcap module: No module named pcap/No module named pcapy
    ERROR: Unable to import dnet module: No module named dnet
    Traceback (most recent call last):
      File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/runpy.py", line 122, in _run_module_as_main
        "__main__", fname, loader, pkg_name)
      File "/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/runpy.py", line 34, in _run_code
        exec code in run_globals
      File "/Users/owner1/Downloads/scapy-2.1.0/scapy/__init__.py", line 10, in <module>
        interact()
      File "scapy/main.py", line 245, in interact
        scapy_builtins = __import__("all",globals(),locals(),".").__dict__
      File "scapy/all.py", line 25, in <module>
        from route6 import *
      File "scapy/route6.py", line 264, in <module>
        conf.route6 = Route6()
      File "scapy/route6.py", line 26, in __init__
        self.resync()
      File "scapy/route6.py", line 39, in resync
        self.routes = read_routes6()
      File "scapy/arch/unix.py", line 147, in read_routes6
        lifaddr = in6_getifaddr()
      File "scapy/arch/unix.py", line 123, in in6_getifaddr
        i = dnet.intf()
    NameError: global name 'dnet' is not defined

  • Algorithm for non-contiguous netmask match

    - by Gianluca
    Hi, I have to write a really really fast algorithm to match an IP address to a list of groups, where each group is defined using a notation like 192.168.0.0/252.255.0.255. As you can see, the bitmask can contain zeros even in the middle, so the traditional "longest prefix match" algorithms won't work. If an IP matches two groups, it will be assigned to the group containing most 1's in the netmask. I'm not working with many entries (let's say < 1000) and I don't want to use a data structure requiring a large memory footprint (let's say 1-2 MB), but it really has to be fast (of course I can't afford a linear search). Do you have any suggestion? Thanks guys. UPDATE: I found something quite interesting at http://www.cse.usf.edu/~ligatti/papers/grouper-conf.pdf, but it's still too memory-hungry for my utopic use case

  • What's the BPF for HTTP?

    - by Gtker
    The definition can be seen here. The candidate answer may be tcp and dst port 80, but can tcp and dst port 80 guarantee it's HTTP traffic and includes all HTTP traffic? It seems not, because some sites can be visited by specifying a different port other than 80 this way: http://domain.name:8080 So my question is: what's the exact BPF for HTTP?

  • Example of moving from MySQL to NoSQL?

    - by OverTheRainbow
    Hello, For a Facebook-like site, ie. which is write-intensive and delivers user-customized pages, I'd like to build a prototype to investigate whether the document-centric NoSQL architecture would be a good alternative to sharding and reduce the load on the single master (+ multiple slaves) that we currently use and is the bottleneck. Does someone know of a good article that would give actual, simple examples of going from a relational layout in MySQL to a NoSQL layout? Thank you.

  • how does teamviewer find my computer even if my comp. behind of the firewall and firewall isn't conf

    - by uzay95
    Did you use TeamViewer? (Comic question, I know... Who doesn't use it?) Do you have any idea how TeamViewer makes a connection even if I am behind the router, firewall, switch and my local firewall? I'm trying to imagine a connection between the remote machine and my computer. The remote machine is sending the packets (and its header (for instance, destination IP, message body)) to me but it only knows my ID number (which is given by my local TeamViewer application). And these packets are reaching my computer even if there is a Juniper firewall (and also my Windows firewall). What kind of message body is being received by the computer? (Of course it is not like XML, text, HTML, Excel :) Do you have any idea? PS. Please share your knowledge like you are explaining to a beginner-level user.
