tcpdump not capturing http or tcp/ssl traffic
I have been trying to learn tcpdump and I am using this command to attempt to monitor my network:
sudo tcpdump -I -i en1
But this gives me a bunch of stuff I don't want, so I used this version to filter the packets:
sudo tcpdump -I -i en1 port 80 or 443
And it gives me nothing. I know you can't use your WiFi when using monitor mode, but I still can, so I think that's a sign something is wrong. I tried it with en0, but it couldn't go into monitor mode.
What am I doing wrong?
I am using a MacBook Pro with OS X 10.9.3, and I would like to be able to do this with tcpdump, or any other utility that's built into OS X.
monitoring tcp tcpdump
edited Jul 3 '14 at 16:31 by polym
asked Jul 3 '14 at 3:51 by addison
1 Answer
Sometimes the traffic is buffered or delayed by DNS server responses. To avoid it, add the -l and -n parameters.
-l  Make stdout line buffered. Useful if you want to see the data while capturing it.
-n  Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
Then you can use syntax like:
sudo tcpdump -i en1 -nl port http or port https
For more complex queries, make sure you use brackets to group the expressions.
answered Mar 9 '18 at 17:18 by kenorb
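Added example, not part of the original question or answer and not libpcap's own code: a small Python model of how pcap-filter expressions combine, covering the grouping advice above and the question's `port 80 or 443` form. It goes slightly beyond the answer by modelling two documented pcap-filter rules: a bare value inherits the most recent keyword, and `and`/`or` have equal precedence and associate left to right. The names `matches`, `select`, `SERVICES` and `PACKETS`, and the packets themselves, are constructed for illustration.

```python
import re

# Simplified model of pcap-filter evaluation; names and packets are constructed.
SERVICES = {"http": 80, "https": 443}   # stand-in for /etc/services lookups
PACKETS = [
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": 51000, "dport": 80},
    {"src": "192.0.2.10", "dst": "198.51.100.5", "sport": 51001, "dport": 443},
    {"src": "192.0.2.99", "dst": "198.51.100.5", "sport": 51002, "dport": 443},
    {"src": "192.0.2.10", "dst": "198.51.100.7", "sport": 51003, "dport": 22},
]

def matches(expr, pkt):
    """Evaluate a host/port/and/or/not/() filter against one packet dict."""
    toks = re.findall(r"[()]|[^\s()]+", expr)
    pos = 0
    last_kw = "host"   # most recent qualifier; bare values inherit it
    def primitive():
        nonlocal pos, last_kw
        tok = toks[pos]; pos += 1
        if tok == "not":                 # negation has the highest precedence
            return not primitive()
        if tok == "(":
            val = expression()
            pos += 1                     # consume ")"
            return val
        if tok in ("host", "port"):
            last_kw = tok
            tok = toks[pos]; pos += 1
        if last_kw == "port":
            return int(SERVICES.get(tok, tok)) in (pkt["sport"], pkt["dport"])
        return tok in (pkt["src"], pkt["dst"])
    def expression():
        nonlocal pos
        val = primitive()
        # "and" and "or" share one precedence level and associate left to right
        while pos < len(toks) and toks[pos] in ("and", "or"):
            op = toks[pos]; pos += 1
            rhs = primitive()
            val = (val and rhs) if op == "and" else (val or rhs)
        return val
    return expression()

def select(expr):
    return [i for i, p in enumerate(PACKETS) if matches(expr, p)]

if __name__ == "__main__":
    for f in ("port 80 or 443", "host 192.0.2.10 and (port 80 or port 443)"):
        print(f, "->", select(f))
```

When passing a grouped expression to tcpdump itself, quote the whole filter (for example 'host 192.0.2.10 and (port 80 or port 443)') so the shell does not interpret the parentheses.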