Archive for the tag 'packet'

How to check packet Flows using tcpdump

Tcpdump prints a description of the contents of packets on a network interface that match a boolean filter expression. It can also be run with the -w flag, which saves the raw packet data to a file for later analysis, and/or with the -r flag, which reads packets from a saved capture file instead of a live network interface. In all cases, only packets that match the expression are processed by tcpdump.

One of the most common uses of tcpdump is to determine whether you are getting basic two-way communication.

Command Options:

icmp: view ICMP packets
tcp port port-number: view TCP packets with either a source or destination TCP port of port-number
udp port port-number: view UDP packets with either a source or destination UDP port of port-number

Example:

tcpdump -i eth0 icmp

By using the -w filename option you can write the entire Ethernet frame to a file, not just the brief IP summary that normally goes to the screen. The file can then be analyzed with graphical tools such as Wireshark, which is available for both Windows and Linux.

tcpdump -i eth0 -w /tmp/tcp.dump tcp port 22

The -n switch disables the conversion of addresses and port numbers to names, so tcpdump does not stall on DNS lookups while capturing and works more reliably.

tcpdump -i eth0 -n tcp port 22
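The post's main use case is confirming two-way communication. As an added example (not part of the original post), the script below parses the text that `tcpdump -n` prints for IPv4 TCP/UDP packets, groups packets into flows, and reports flows that only ever went one way. The sample lines are constructed, not a real capture, and the line format assumed is the default `-n` output: `time IP src.sport > dst.dport: ...`.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -i eth0 -n tcp port 22` output (not a real capture).
# The first three lines are a complete handshake; the last two are SYNs that never
# got an answer, i.e. a one-way flow.
SAMPLE = """\
12:00:01.000001 IP 10.0.0.5.51234 > 10.0.0.9.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 10.0.0.9.22 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000300 IP 10.0.0.5.51234 > 10.0.0.9.22: Flags [.], ack 1, win 502, length 0
12:00:02.000000 IP 10.0.0.5.51240 > 10.0.0.10.22: Flags [S], seq 3, win 64240, length 0
12:00:03.000000 IP 10.0.0.5.51240 > 10.0.0.10.22: Flags [S], seq 3, win 64240, length 0
"""

# Matches "<timestamp> IP <src>.<sport> > <dst>.<dport>:" as printed with -n.
LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def parse_lines(text):
    """Yield ('src:sport', 'dst:dport') for every IPv4 TCP/UDP line in tcpdump -n output."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield f"{m['src']}:{m['sport']}", f"{m['dst']}:{m['dport']}"


def flow_summary(text):
    """Group packets by flow. The key is the endpoint pair in sorted order (the
    ordering is only a canonical form, it carries no meaning); 'forward' counts
    packets from the lower endpoint, 'reverse' counts packets from the higher."""
    flows = defaultdict(lambda: {"forward": 0, "reverse": 0})
    for src, dst in parse_lines(text):
        if src <= dst:
            flows[(src, dst)]["forward"] += 1
        else:
            flows[(dst, src)]["reverse"] += 1
    return dict(flows)


def one_way_flows(text):
    """Flows with packets in only one direction: the hosts that never answered."""
    return [key for key, counts in flow_summary(text).items()
            if counts["forward"] == 0 or counts["reverse"] == 0]


if __name__ == "__main__":
    for key in one_way_flows(SAMPLE):
        print("no reply seen for flow", key)
```

To use it on a real capture, feed it the output of `tcpdump -n -r /tmp/tcp.dump` instead of SAMPLE.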

Got a packet bigger than ‘max_allowed_packet’ bytes

If you get this error when trying to dump a MySQL database, it is caused by the MySQL server's packet size limit, max_allowed_packet.

To fix it, add the following entry to the /etc/my.cnf file under the [mysqld] group:

max_allowed_packet = 100M

This raises the limit to 100 MB, which is needed when inserting files into BLOB (or LONGBLOB) columns. Then restart the MySQL server:

/sbin/service mysql restart

Reference:
http://dev.mysql.com/doc/refman/5.1/en/server-system-variables.html#sysvar_max_allowed_packet