Thursday, August 14, 2014

Legacy tcpdump - "Packet size limited during capture"

Was doing some debugging the other day on a legacy system with an older version of tcpdump installed. When I imported to packets to Wireshark in order to better interpret the results - I saw the familiar message "Packet size limited during capture":

You never realize there's a problem with a packet capture until after you've finished and shipped it somewhere else for analysis
It's then I remembered that older versions of tcpdump default to a snaplen of 68 bytes. In order to correct this you need to manually specify a longer snaplen. From the manpage of tcpdump 3.9.4:
-s   Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS's NIT, the minimum is actually 96).  68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate protocol information from name server and NFS packets (see below).  Packets truncated because of a limited snapshot are indicated in the output with  ''[|proto]'', where proto is the name of the protocol level at which the truncation has occurred.  Note that taking larger snapshots both increases the amount of time it takes to process packets and, effectively, decreases the amount of packet buffering.  This may cause packets to be lost.  You should limit snaplen to the smallest number that will capture the protocol information you're interested in.  Setting snaplen to 0 means use the required length to catch whole packets.
So in order to capture the whole packet, you need to set a snaplen of 0 using the option "-s 0":

~]# tcpdump -i eth0 -n -s 0 host 192.168.1.1
This would capture traffic (-i eth0) on the eth0 interface, (-n) not converting host addresses to names, (-s 0) capturing the entire packet, (host 192.168.1.1) where the packet is to/from a host with the IP 192.168.1.1.
Posted by at No comments:
Labels:

Wednesday, July 9, 2014

Single Line Web Server in Python

This is an old trick, but very useful for transferring files in a pinch - especially in cross platform situations. Also great if you need a simple web server for testing.

The commands are simple.

For Python 2.x: python -m SimpleHTTPServer
[user@fedora folder1]$ python -m SimpleHTTPServer
Serving HTTP on 0.0.0.0 port 8000 ...
For Python 3.x: python3 -m http.server
[user@fedora folder1]$ python3 -m http.server
Serving HTTP on 0.0.0.0 port 8000 ...
Both of these default to port 8000, but you can add a port number to the end of the line to specify something else if you like. The current directory is used as the root folder. If an index.html or index.htm file is present it will be served initially, otherwise the server will provide a directory listing. Just point your browser to the system:
http://<your-ip-address>:8000
Make sure your firewall/IP-tables are properly adjusted to allow the inbound connection.

The terminal will show a running Apache style access log of connections. CTRL + c to exit.

Performance is pretty good too:



Official documentation here:
https://docs.python.org/2/library/simplehttpserver.html
https://docs.python.org/3/library/http.server.html


Posted by at No comments:
Labels: ,

Tuesday, April 1, 2014

Quick Decimal, Hex, Binary, Octal Conversion on Windows

Sometimes you just need a quick and dirty way to convert between number systems (decimal, hex, octal, binary). The built in Windows calculator will actually do this for you. Simply start the calculator and under "View" choose "Programmer".


This should switch to the Programmer calculator view. Set the mode to whatever number system you are converting from - it should default to Decimal, and enter the number.


From here you just select the number system you want to convert to.


The number auto updates to the new number system. Done, quick and easy.

Posted by at No comments:
Subscribe to: Posts (Atom)