Why tcpdump get nothing when music is playing on my local apache? - tcpdump

No wireline connects to net for my local pc.
Apache2 was installed and a music was put on /var/www/html/test.ogg.
It can be played with chrome 127.0.0.1/test.ogg.
tcpdump was running when playing the music----test.ogg with chrome.
sudo tcpdump tcp port 80 -i lo -vv
tcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes
Why the command get nothing excepttcpdump: listening on lo, link-type EN10MB (Ethernet), capture size 262144 bytes?

You should check the following:
Is chrome cache cleared?
What is the response code in chrome - it should be 200 OK.
Chrome is making a connection on 127.0.0.1:some_ephemeral_port -- to apache:127.0.0.1:80 - make sure it is 80, not 443!
Start the capture before opening the file (when did you start the capture)?
In case nothing helps try, sudo tcpdump -i any -vv port 80 (if you are sure of the port).
Try capturing other requests - like the apache home page and see if that works.

Related

Permissions Issue with tcpdump in Ubuntu 20.04

I am creating a tcpdump file using "tcpdump tcp -w tcp1" but I can't use the -r function to read the file as it says "permissions denied". I used chmod to try and change permissions even changed group permissions and still now affect. Help! Thank you
ubuntu 20.04
root#ubuntu:~# tcpdump tcp -w tcp1
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C
985 packets captured
985 packets received by filter
0 packets dropped by kernel
root#ubuntu:~# tcpdump -r tcp1
tcpdump: tcp1: Permission denied
root#ubuntu:~#
It's to do with AppAmour - you'll need to disable it first.
There are instructions here: https://www.xmodulo.com/disable-particular-apparmor-profile-ubuntu.html
I hard to restart by box, just restarting the service didn't seem to do it.

How to prevent snmpd from listening on port 161?

I am trying to force snmpd to listen on port 1610 (instead of the default port 161).
When I turn on debugging, it looks like snmpd insists on listening on port 161, in addition to any other agent address I specify.
I am running net-snmp 5.7.2 on Ubuntu.
Here is my snmpd.conf:
agentaddress dtlsudp:localhost:1610
agentuser root
agentgroup root
Here's how I launch snmpd:
snmpd -f -r -DALL -c snmpd.conf
I can see that snmpd parses the config file and recognizes the desired port 1610, but it tries to listen on port 161 as well!
read_config:parser: Found a parser. Calling it: agentaddress / dtlsudp:localhost:1610
snmpd_ports: port spec: udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610
netsnmp_ds_set_string: Setting APP:2 = "udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610"
snmp_agent: final port spec: "udp:127.0.0.1:161,udp:localhost:1610,dtlsudp:localhost:1610,udp:localhost:1610,dtlsudp:localhost:1610"
How can I prevent snmpd from listening on port 161 ???
Any help appreciated.
I discovered that snmpd always reads /etc/snmp/snmpd.conf unless you explicitly disable that using the -C option.
The following command worked. It only read my local config file.
snmpd -f -DALL -C -c snmpd.conf

Capture communication between nginx and http clients, and nginx and my application

My website is hosted on my remote server REM1. I access this server through ssh.
My website, which is used by few persons, slows down sometimes and I think it comes from my nginx's configuration because when I restart it all works again normally.
I'd like to analyse communication/packets exchanged between http client-nginx and between nginx-my application.
When I run this:
sudo tcpdump -S -p -A
I get millions of packets of ssh, so it's impossible to read http packets among the sea of ssh packets.
When I try to run this:
sudo tcpdump -S -p -A port not 22
I get nothing even if I open a page of my website on my browser and I refresh many times.
I'm new to tcpdump, and it's really about tcpdump no matter what web server is used.
How do I capture only nginx communication?

tcpdump doesn't captures properly on specific port

I'm in a network and i wanna capture ftp packets from another server in the network but i have a problem with tcpdump about this.
I've used this command :
tcpdump -i eth0 dst X.X.X.X -A and port 21
But it doesn't shows anything! ( i tested and sure that ftp port is 21 )
But if i use this on my server it works properly.
tcpdump -i eth0 -A and port 21
I've this problem when i enter " port " in the command. but if i enter a command without specific port it works and captures properly.
What is the problem?
Thanks.
I don't have enough reputation to ask a question, so this is part question and part insight.
Is the IP you're filtering on the client or the server for the FTP connection?
For the first command, try using src x.x.x.x or just host x.x.x.x and port 21.
For the second command, the "and" is not necessary with the -A flag. This should look more like this:
tcpdump -A -i eth0 port 21
tcpdump -Ai eth0 port 21
Another thing I've seen is if there are vlan tags, normal filtering won't work without adding "vlan and " to your filter. For example:
tcpdump -A -i eth0 "vlan and host x.x.x.x and port 21"
Also keep in mind that FTP uses a control and data connection. The control is over port 21, but the data can vary depending on whether you're using active or passive FTP.

Xampp; Apache Port 80 Busy

I am having Port Problem.
Whenever I start Apache then it give me this error:
Busy - Apache Started [port 80]
And When i start Mysql then Folowing Error Appears:
Busy - ERROR: Mysql service not started [-1]
Please Anyone tell me that how to resolve this problem.
Waiting for Replies.
Thanks in Advance
Open cports.exe (http://www.nirsoft.net/utils/cports.html), find in the column Local Port the port 80. Thus, you will know which program uses this port and you will be able to kill it.
For most people, port 80 is occupied by Skype by default. Simply uninstall Skype and port 80 will be freed. Apache should then work.
Try to run this below command in cmd prompt
netstat -ano|find "port no"
Eg:
netstat -ano|find "3306"
TCP 0.0.0.0:3306 0.0.0.0:0 LISTENING 5164
TCP [::]:3306 [::]:0 LISTENING 5164
You could even use the pid number and check in windows task manager who is utilizing these pid so that you would come to know the exact process name
Please provide error log file if possible.
Major issue comes if you are using skype . Just change the connection port no and restart skype and try to start apache
You should search then you ask question because this question has been asked. You need to go to C:\xampp\apache\conf edit httpd.conf file and change
Listen 80
to
Listen 8081
or another number then you restart apache.
other links
Configure apache to listen on port other than 80
Edit the httpd file
#Listen 12.34.56.78:80
Listen 80
to something like this
#Listen 12.34.56.78:80
Listen 8080
Just make sure you use any port other than 80.
Check if any instances of mysqld.exe is running from task manager. If so kill it and start it from xampp control panel.
If you have skype running on your local computer it uses port 80 also. So port 80 can not allocate for MySQL. The solution is to stop running on skype and then start your xampp server. If it is also not working just try to uninstall skype and then again install your xampp server. This time probably can run MySQL.