I'm using tcpdump to generate some captures between a client, a proxy and an origin server.
I was wondering if it's possible, either within Wireshark or through some parameter, to indicate in each packet what TCP status the device is at, e.g. ip 10.20.30.34 -- CLOSE_WAIT etc.
...
Hey folks,
I've got a tcpdump command running from a bash script. It looks something like this:
tcpdump -nttttAr /path/to/file -F /my/filter/file
The filter file has a combination of IP addresses and host names, i.e.
host 111.111.111.111 or host 112.112.112.112 and not (host abc.com or host def.com or host zyx.com).
And it works grea...
I am doing research about network traffic characterization.
While processing the collected data (captured by tcpdump and saved to a database), I stumbled over a weird phenomenon with packet (or flow) inter-arrival times:
Inter-arrival times of 35-170µsec are never observed
Of course, without a DAG card (which would do hardware time stamp...