Is it possible to specify to tcpdump that I want it to interpret a packet differently before printing it to STDOUT?


I am using iperf to pinpoint a packet reordering issue. Unfortunately, tcpdump does not know how to parse iperf's UDP payload, which I could use to pinpoint the issue. I know that iperf stores the packet sequence ID in the first 32 bits of the UDP payload.

Is there an elegant way to tell tcpdump that I want it to interpret these first 32 bits in iperf's UDP payload as a decimal, unsigned 32-bit integer and print this integer to STDOUT for each packet?

One quick solution seems to be to use tcpdump's -X flag to print packet contents as a hex dump and then pipe this STDOUT through my program, but I would have to write this rather complex program myself, and it has to deal with network endian issues and so on.

Solution:

The only way to change the way tcpdump interprets packet data is to get the source code, modify it to interpret the packet data the way you want, compile the resulting source code, and use the resulting binary.

If you don’t want to do that, perhaps you could use tshark instead; if it doesn’t understand iperf packets, and if it’s built with Lua, you could write a Lua dissector for those packets.
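As an added example (not part of the original answer, and a different route from the two it suggests), the sequence ID can also be read offline from a capture file saved with `tcpdump -w`, which avoids parsing `-X` hex dumps. The function names are hypothetical; the code assumes a classic microsecond pcap file, Ethernet link type, untagged IPv4, and that the ID in the first 32 bits of the payload is in network byte order.

```python
import struct

def iperf_udp_seqs(pcap):
    """Yield the first 32 bits of each IPv4/UDP payload as an unsigned int."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet link type is handled")
    off = 24                                   # skip the global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(endian + "I", pcap, off + 8)[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                           # not untagged IPv4
        if frame[23] != 17 or struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
            continue                           # not UDP, or a non-first fragment
        payload = frame[14 + (frame[14] & 0x0F) * 4 + 8:]
        if len(payload) >= 4:
            # File headers use the capturing host's byte order; the payload
            # is read in network byte order ("!"), independent of the host.
            yield struct.unpack_from("!I", payload)[0]

def late_arrivals(seqs):
    """Return IDs that arrived after a higher ID had already been seen."""
    highest, late = -1, []
    for seq in seqs:
        if seq < highest:
            late.append(seq)
        else:
            highest = seq
    return late

def build_sample_pcap(seqs):
    """Constructed test capture: one Ethernet/IPv4/UDP frame per ID."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for n, seq in enumerate(seqs):
        data = struct.pack("!I", seq) + bytes(8)
        udp = struct.pack("!HHHH", 40000, 5001, 8 + len(data), 0) + data
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), n, 0, 64, 17,
                         0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + udp
        out += struct.pack("<IIII", n, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    print(late_arrivals(iperf_udp_seqs(build_sample_pcap([0, 1, 3, 2, 4]))))
```

For a real capture, pass the bytes of the saved file to `iperf_udp_seqs`; a BPF filter on the iperf port at capture time keeps other UDP traffic out of the result.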
