How to install and use TCPdump (capture packets)

 

Introduction

In this tutorial, we’re going to bring you a popular network tool you should know about in order to correctly manage your networks.

We are assuming that you have root permission, otherwise, you may start commands with “sudo”.

Install TCPdump

TCPdump is a powerful command-line packet analyzer tool which used to capture or filter TCP/IP packets that received or transferred over a network on a specific interface. it’s available on every Linux flavor for free of course.

Install TCPdump on CentOS:

yum install tcpdump

Install TCPdump on Debian and Ubuntu:

apt-get install tcpdump

Once the TCPdump tool is installed, you can continue to browse following commands.

Capture packets from a specific interface

If you execute the TCPdump command with the “-i” flag you can name an interface and the TCPdump tool will start capture that specific interface packets for you.

tcpdump -i eth0

Capture only specific number of packets

Using “-c” flag will allow you to capture a specific number of packets, for example, with the command below we can capture 20 packets of our eth0 interface:

tcpdump -i eth0 -c 20

Print captured packets in ASCII

The below TCPdump command with the flag “-A” displays the packages in ASCII format. it’s a character-encoding scheme format.

tcpdump -i eth0 -A

Display available interfaces

To get a list of available interfaces on the system you can run the following command:

tcpdump -D

Capture and save packets in a file

TCPdump has a feature to capture and save its result in a “.pcap” file, to do this just execute:

tcpdump -w eth0.pcap -i eth0

If you don’t use “-c” flag it will start capturing eth0 and write the result to the output file until you break it with “Ctrl+c”.

For read and analyze the file that you just created execute:

tcpdump -r eth0.pcap

Capture IP address packets

If you want to capture your network interface and analyze the IP address you can use the “-n” flag it will stop translating IP addresses into Hostnames and This can be used to avoid DNS lookups.

tcpdump -n -i eth0

Capture only TCP packets

To capture packets based on TCP ports, add a “tcp” in your command:

tcpdump -i eth0 -c 20 -w tcpanalyze.pcap tcp

Capture packets from a specific port

Let’s assume you want to monitor on a specific port like 80, you can use the following command to do that with TCPdump:

tcpdump -i eth0 port 80

Filter records with source and destination IP

To Capture packets from a source IP you can use the following command:

tcpdump -i eth0 src 192.168.1.1

You can monitor packets from a destination IP as well with the command below:

tcpdump -i eth0 dst 192.168.1.1

How to clean expired tokens in WSO2 Identity Server

In this blog post we are discussing on how to remove expired tokens in WSO2 Identity Server.

Please Create procedure in PostgreSQL

https://raw.githubusercontent.com/wso2/carbon-identity-framework/master/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/stored-procedures/postgresql/postgre-9x/token-cleanup/postgresql-token-cleanup.sql

Please update PostgreSQL connection details in in below script and execute to remove token as batches.

https://raw.githubusercontent.com/wso2/carbon-identity-framework/master/features/identity-core/org.wso2.carbon.identity.core.server.feature/resources/dbscripts/stored-procedures/postgresql/postgre-9x/token-cleanup/token-cleanup-runner.sh

Reindex DB

REINDEX DATABASE WSO2;

Run Vaccum cleaning

VACUUM VERBOSE ANALYZE idn_oauth2_access_token;

VACUUM VERBOSE ANALYZE idn_oauth2_access_token_scope;

VACUUM VERBOSE ANALYZE idn_oauth2_authorization_code;

How to change wso2 console admin password

 

export CLASSPATH=/opt/wso2is-5.4.1/repository/components/lib/postgresql-42.0.0.jar:.

./bin/chpasswd.sh --db-driver org.postgresql.Driver --db-username <DBUSER> --db-password <DBPASSWORD> --username admin --new-password Admin@123 --db-url jdbc:postgresql://postgresql-service:5432/postgres