tcpdump | the TCPdump network dissector | Learning library

I tried these commands:

1.tcpdump -r bpf-pcap.pcapng -w op2.txt proto not dns and not tcp

2.tcpdump -r bpf-pcap.pcapng -w op2.txt proto not dns and tcp

None of these are correct. I also checked the manual page but couldn't find what's wrong.

What have I missed?

I am a little bit confused about my network setup at home.

This is the setup:

VLAN1 - 172.16.20.0/24 VLAN2 - 10.11.12.0/24

I am in the VLAN2 net (which is my WiFi), for the moment I allowed all traffic between both subnets.

My setup uses a KVM host for most of the services, my firewall lies on this machine and is virtualized (opnsense).

So the KVM network interfaces looks like this:

I wrote a simple packet capture in Rust on docker hosted by macOS. However, libc::recv doesn't return forever.

src/main.rs

I am using the ActiveMQ Artemis Broker and publishing to it through a client application.

Behavior observed:

• When my client is IPV4 a TLS handshake is established and data is published as expected, no problems.
• When my client is IPV6 , I see frequent re-connections being established between the client and the server(broker) and no data is being published.

Details:

• When using IPV6 the client does a 3 way handshake and attempts to send data. It also receives a Server Hello and sends application data.
• But the connection terminates and again reconnects. This loop keeps occurring.
• The client library, network infrastructure, and broker are all completely the same when using IPv4 and IPv6.

The client logs say:

I want to capture MQTT packets on the SSH Linux-based remote server using Wireshark from my home. I can capture data go out through the Internet, such as when I use this command line mosquitto_pub -h test.mosquitto.org -t topic -m "Hello", I can see the packets in Wireshark. But, When I publish data in localhost, such as using this command mosquitto_pub -d -h localhost -t hello/world -m "75" I can't see any packets in Wireshark. I want to make a client/server in the same remote server.

I use this command to open Wireshark:

I am trying a basic script that should be customized later on, but for now i need it to send a camera feed from a network connected raspberry Pi to multiple laptops on the same network.

I used udp streaming to a single device with the specific device address with the below code as a and it worked like a charm with no problem what so ever

sender

I have two servers, one serves HTTP and the other serves HTTPS.

I opened a TCP connection to the HTTP server

I would like to capture all wifi traffic from a specific device manufacturer using Wireshark/Tshark/TCPDump/etc. I want to use a CAPTURE filter, not a display filter. Basically, I want to capture all packets from the MAC address 11:22:33:xx:xx:xx and nothing else. Or, put another way, the first 3 octets or OUI of the MAC address using Berkeley Packet Filtering Syntax. Anyone have a preferred method?

I have a Java application which is deployed in EC2 and communicate with Dynamodb. I have enable VPC endpoint (Gateway endpoint) for Dynamodb. But I didn't notice any performance improvement with this change. Theoretically I should see less latency via VPC endpoint compared to public access. Also based on the tcpdump, I can see our application is still using public IP of dynamodb to communicate.

Here 52.119.232.38 is dynamodb public IP. How can I verify that our application in EC2 is using VPC endpoint to communicate with Dynamodb ?

• Both EC2 and VPC endpoint enable for same VPC.