In networking, a port is a virtual place on a machine that is open to connections from other machines. Every networked computer has a standard number of ports, and each port is reserved for certain types of communication.

Think of ports for ships in a harbor: each shipping port is numbered, and different kinds of ships are supposed to go to specific shipping ports to unload cargo or passengers. Networking is the same way: certain types of communications are supposed to go to certain network ports. The difference is that the network ports are virtual; they are places for digital connections rather than physical connections.

DNS Port

Most of the time, DNS happens over UDP port 53. It's lightweight and faster than TCP. This is to reduce performance overhead on the DNS server due to the number of requests it is likely to receive.

But DNS servers still need to be available on TCP. Zone transfers happen over TCP port 53. This happens on the DNS server side which is not related to the end-user.


Sort by memory usage per process in the interactive menu

  • press Shift+f to enter the interactive menu
  • press the up or down arrow until the %MEM choice is highlighted
  • press s to select %MEM choice
  • press enter to save your selection
  • press q to exit the interactive menu

top sort by memory

What are TCP flags?

Each TCP flag is 1 bit in size. The list below describes each flag in greater detail. Additionally, check out the corresponding RFC section attributed to certain flags for a more comprehensive explanation.

  • SYN - The synchronisation flag is used as the first step in establishing a three-way handshake between two hosts. Only the first packet from both the sender and receiver should have this flag set. The following diagram illustrates a three-way handshake process.
  • ACK - The acknowledgment flag is used to acknowledge the successful receipt of a packet. As we can see from the diagram above, the receiver sends an ACK as well as a SYN in the second step of the three-way handshake process to tell the sender that it received its initial packet.

This type of for loop is characterized by counting. The range is specified by a beginning (#1) and ending number (#5). The for loop executes a sequence of commands for each member in a list of items. A representative example in BASH is as follows to display welcome message 5 times with for loop:


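#!/bin/bash
# Display a welcome message once for each item in the list (5 times in total)
for i in 1 2 3 4 5
do
    echo "Welcome $i times"
done
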
tcpdump-examples / iowait-linux.md
Created March 21, 2021 11:40
How to Fix io wait issue in Linux

High IOwait is a common Linux performance issue. Today we will look at what iowait means and what contributes to this problem. We hope this gives you more ideas about the high IOwait issue.

What is IOwait?

IO wait is related to the CPU resource on the server.

The iowait column in the top command output shows the percentage of time that the processor was waiting for I/O to complete. It indicates that the system is waiting on disk or network IO. Because the system is waiting on those resources, it cannot fully utilize the CPU.

Learn more about what IOwait is here.

How to capture SSH Traffic with Tcpdump?

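We can filter on TCP port 22 in the tcpdump command to capture all the SSH traffic. The "tcp port 22" form matches port 22 as either the source or the destination port. The byte-offset form "tcp[2:2] = 22" compares only the destination port field (bytes 2 and 3 of the TCP header), so it matches packets sent to port 22 but not the replies coming back from it.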

tcpdump -i eth0 tcp port 22

tcpdump -i eth0 'tcp[2:2] = 22'

The output of tcpdump is format dependent. A typical output line for TCP looks like this.

Tcpdump is a CLI tool to capture raw network packets. This is useful for various forms of network troubleshooting. This cheat sheet covers all the basic and advanced options for tcpdump.

Tcpdump cheat sheet

how-to-use-tcpdump

Tcpdump is a well-known network packet analyzing tool that is used to display TCP/IP and other network packets being transmitted over the network attached to the system on which tcpdump has been installed. Tcpdump uses the libpcap library to capture the network packets and is available on almost all Linux/Unix flavors.

Capture ICMP Packets With Tcpdump

How to use tcpdump to capture CDP or LLDP packet?

tcpdump -v -s 1500 -c 1 '(ether[12:2]=0x88cc or ether[20:2]=0x2000)'

How to use tcpdump to filter CDP packet?

This will often show you the uplink Cisco chassis switch info, such as the native VLAN, port info, device name, serial name, etc.

tcpdump -v -s 1500 -c 1 'ether[20:2] == 0x2000'
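
The byte-offset filters used above for SSH, LLDP and CDP can be checked offline by evaluating the same offsets against hand-built frames. This is an added example, not code from the original gists; the function names and sample frames are constructed for illustration, and the model covers IPv4 over Ethernet only.

```python
import struct

def field(buf, offset, size):
    """proto[offset:size] as tcpdump reads it: big-endian, None if out of range."""
    chunk = buf[offset:offset + size]
    return int.from_bytes(chunk, "big") if len(chunk) == size else None

def tcp_header(frame):
    """TCP header of an Ethernet II / IPv4 frame, or None if there is none."""
    if field(frame, 12, 2) != 0x0800 or field(frame, 23, 1) != 6:
        return None                               # not IPv4, or not TCP
    if field(frame, 20, 2) & 0x1FFF:
        return None                               # later fragment: no TCP header
    return frame[14 + (frame[14] & 0x0F) * 4:]    # skip IPv4 header and options

def tcp_port(frame, port):                        # models: tcp port 22
    t = tcp_header(frame)
    return t is not None and port in (field(t, 0, 2), field(t, 2, 2))

def tcp_2_2(frame, port):                         # models: tcp[2:2] = 22
    t = tcp_header(frame)
    return t is not None and field(t, 2, 2) == port

def lldp(frame):                                  # models: ether[12:2] = 0x88cc
    return field(frame, 12, 2) == 0x88CC
def cdp_loose(frame):                             # models: ether[20:2] == 0x2000
    return field(frame, 20, 2) == 0x2000
def cdp_strict(frame):  # models: ether dst 01:00:0c:cc:cc:cc and ether[20:2] == 0x2000
    return frame[:6] == CDP_MAC and cdp_loose(frame)

# --- constructed sample frames (not captured traffic) ---
CDP_MAC = bytes.fromhex("01000ccccccc")           # CDP multicast destination
SRC, HOST = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")

def ipv4(payload, flags_frag=0):
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, flags_frag,
                       64, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + payload

def tcp(sport, dport):
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x02, 1024, 0, 0)

def eth(dst, type_or_len, payload):
    return dst + SRC + struct.pack("!H", type_or_len) + payload

TO_SSH = eth(HOST, 0x0800, ipv4(tcp(50000, 22)))
FROM_SSH = eth(HOST, 0x0800, ipv4(tcp(22, 50000)))
FIRST_FRAG = eth(HOST, 0x0800, ipv4(tcp(50000, 443), flags_frag=0x2000))  # MF set
CDP = eth(CDP_MAC, 30, bytes.fromhex("aaaa0300000c2000") + bytes(22))     # LLC/SNAP
LLDP = eth(bytes.fromhex("0180c200000e"), 0x88CC, bytes(46))
```

On an IPv4 frame, ether[20:2] lands on the flags/fragment-offset field, so the loose CDP filter also matches the first fragment of any fragmented IPv4 packet (value 0x2000 is "more fragments" with offset 0). Adding the CDP destination MAC to the filter removes that false match.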