Tcpdump doesn't work in vlan [closed] - tcpdump

Closed. This question is off-topic. It is not currently accepting answers.
Closed 10 years ago.
I got a pcap file captured from vlan.
I want to filter some packets out of that file with Tcpdump, but it doesn't work.
Is it because Tcpdump doesn't support vlan?
As it works for the pcap file captured in normal ethernet.

If the packet contains a 802.1q vlan tag, you can do the following -
tcpdump -s0 -nnpi eth0 vlan 100
where 100 is the vlan id.
You've to be a bit careful with the vlan keyword as a BPF filter (when combining it with other filters), as it moves filters 4 bytes to the right, see here - http://www.christian-rossow.de/articles/tcpdump_filter_mixed_tagged_and_untagged_VLAN_traffic.php.
You could also use a filter of the ethernet header - this link describes the solution and potential issues perfectly -
https://serverfault.com/questions/196250/tcpdump-capture-one-of-several-vlans.
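The 4-byte shift mentioned in the answer, as an added example that is not part of the original answer: it builds one untagged and one 802.1Q-tagged frame (both constructed) and models three filter forms with fixed header offsets. The function names and the frame contents are assumptions made for the illustration.

```python
import struct

ETH_P_IP, ETH_P_8021Q, IPPROTO_TCP = 0x0800, 0x8100, 6

def build_frame(dst_port, vlan_id=None):
    """Constructed Ethernet/IPv4/TCP frame; vlan_id adds a 4-byte 802.1Q tag."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = b"" if vlan_id is None else struct.pack("!HH", ETH_P_8021Q, vlan_id & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 0x50, 0x02, 1024, 0, 0)
    return macs + tag + struct.pack("!H", ETH_P_IP) + ip + tcp

def tcp_dst_port_at(frame, port, shift):
    """Test 'tcp dst port N' at the untagged offsets moved right by `shift` bytes."""
    if len(frame) < 34 + shift:
        return False
    ethertype, = struct.unpack_from("!H", frame, 12 + shift)
    if ethertype != ETH_P_IP or frame[23 + shift] != IPPROTO_TCP:
        return False
    l4 = 14 + shift + (frame[14 + shift] & 0x0F) * 4  # start of the TCP header
    if len(frame) < l4 + 4:
        return False
    return struct.unpack_from("!H", frame, l4 + 2)[0] == port

def vlan_id(frame):
    """Return the 802.1Q VLAN ID, or None for an untagged frame."""
    if len(frame) >= 16 and struct.unpack_from("!H", frame, 12)[0] == ETH_P_8021Q:
        return struct.unpack_from("!H", frame, 14)[0] & 0x0FFF
    return None

def plain_filter(frame, port):
    """Models: tcp dst port N (no vlan keyword, offsets not shifted)."""
    return tcp_dst_port_at(frame, port, 0)

def vlan_filter(frame, port, vid):
    """Models: vlan VID and tcp dst port N (everything after 'vlan' shifted by 4)."""
    return vlan_id(frame) == vid and tcp_dst_port_at(frame, port, 4)

def mixed_filter(frame, port, vid):
    """Models: tcp dst port N or (vlan VID and tcp dst port N)."""
    return plain_filter(frame, port) or vlan_filter(frame, port, vid)

UNTAGGED = build_frame(80)        # constructed sample
TAGGED = build_frame(80, 100)     # constructed sample, VLAN 100
```

The plain filter misses the tagged frame and the vlan filter misses the untagged one, so a capture with both kinds of traffic needs the combined form.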


How to block an IP, if getting many http/apache/mysql requests in a second [closed]

Closed 9 years ago.
If someone tried a force burst attack on my website, how can I block their IP address?
I mean, I want to block an IP if getting many http/Apache/SQL requests per second. How can I prevent those force burst attacks?
Linux Server
Thanks in advance
In your .htaccess you can add something like:
order allow,deny
deny from <ip address>
allow from all
Or depending upon your operating system you can add a rule to your iptables.
For example, here is how you would do it in ubuntu.

limit the number of cores used by MySQL [closed]

Closed 10 years ago.
On Linux, can you ensure that MySQL leaves one core free?
(We have a small Python server that can become unresponsive when MySQL running on the same box is under load.)
3 ways I can think of...
1. Use the command taskset. This command will "fix" a specific core (or list of cores) to a specific process. Consult the man page for how to use it.
2. Create a virtual machine on your "little" server and run MySQL on that VM. This will promise more stability to both services.
3. Use the "nice" values to make sure the Python priority is higher than the MySQL priority. (This solution is the least recommended of all three, but in some cases it can be valid.)

Want to know what is ipv4 and ipv6? [closed]

Closed 10 years ago.
Want to know what is the difference between ipv4 and ipv6 and how does it affect the openstream()
The basic difference is the number of available addresses. IPv4 has a 32-bit address whereas IPv6 has 128 bits.
This allows for a massive expansion in IP addresses, probably enough for every fridge, microwave or other white good on the planet to have its own class C subnet :-)
Actually, that's probably only funny once you understand a lot more about IP addressing so feel free to just laugh nervously if you don't understand :-)
There's some extra goodies in v6 but the IP address expansion is pretty well the major feature.
See also wikipedia for IPv6 and IPv4. There's a section in that first link which details some of the IPv4/IPv6 differences.
The difference is in packet headers. One protocol has different headers than the other. Don't think this would affect an openstream() call. Chances are the socket will take care of the headers automatically and your stream will only be concerned with the payload of the packet (Java..?). Write a test program and find out!

SMTP DATE command purpose? [closed]

Closed 11 years ago.
I am looking at my SMTP logs. The script I just ran tells me that one of our mail servers has sent 19848kb, and received 386kb. This is pretty weird as this server should just be forwarding on mail that it received.
One of the sources of outbound traffic I noticed is for lines to do with the DATE command. For instance, this line:
11/16/11 00:26:57 SMTP-OU 8AA56F43369C40ECBE07D7A805617D74.MAI 1184 [ipAddress] DATE 250 2.0.0 OK 1321403130 v50si13351192wec.51 172503 45
DATE is the command. 250 2.0.0 OK 1321403130 v50si13351192wec.51 is the response to the command. 172503 is the number of bytes sent, and 45 is the number of bytes received.
I can't find the specification of what this command does. Is it something like Data-extended? It can't be transmitting just the calendar-date, because it is too big for that.
There is no DATE command in SMTP. I guess they are using this word only in the log, to mark the second part of the DATA conversation. I mean the first part is:
DATA
354 go on
The second part is:
... the actual data ...
250 OK
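An added example, not part of the original question or answer: a parser for log lines shaped like the one quoted in the question. It totals bytes per logged command and checks whether the "received" count equals the reply text plus its CRLF, which holds for the quoted DATE line (43 characters of reply plus 2). The field layout is an assumption drawn from that single line; every sample line except the DATE line is constructed.

```python
import re
from collections import defaultdict

# Layout assumed from the one line in the question:
# date time direction session number [peer] COMMAND reply... sent received
LINE_RE = re.compile(
    r"^(\S+) (\S+) (\S+) (\S+) (\d+) \[([^\]]*)\] "
    r"(?P<cmd>[A-Z]+) (?P<reply>.*) (?P<sent>\d+) (?P<recv>\d+)$"
)

PREFIX = "11/16/11 00:26:57 SMTP-OU 8AA56F43369C40ECBE07D7A805617D74.MAI 1184 [ipAddress] "
SAMPLE = [
    PREFIX + "MAIL 250 2.1.0 OK 40 14",   # constructed
    PREFIX + "RCPT 250 2.1.5 OK 33 14",   # constructed
    PREFIX + "DATA 354 go on 6 11",       # constructed
    PREFIX + "DATE 250 2.0.0 OK 1321403130 v50si13351192wec.51 172503 45",  # from the question
]

def parse_line(line):
    """Return (command, reply, sent, received), or None if the line does not fit."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return m["cmd"], m["reply"], int(m["sent"]), int(m["recv"])

def bytes_by_command(lines):
    """Sum sent/received byte counts per logged command, skipping unparsable lines."""
    totals = defaultdict(lambda: [0, 0])
    for cmd, _reply, sent, recv in filter(None, map(parse_line, lines)):
        totals[cmd][0] += sent
        totals[cmd][1] += recv
    return {cmd: tuple(pair) for cmd, pair in totals.items()}

def reply_accounts_for_received(line):
    """True when 'received' equals the length of the reply text plus CRLF."""
    rec = parse_line(line)
    return rec is not None and len(rec[1]) + 2 == rec[3]

def sent_share(lines, cmd):
    """Fraction of all sent bytes that belong to one logged command."""
    totals = bytes_by_command(lines)
    total_sent = sum(sent for sent, _ in totals.values())
    return totals.get(cmd, (0, 0))[0] / total_sent if total_sent else 0.0
```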

Could IPv4 exhaustion not be pushed back by allowing some of 127.*.*.* (not .0.0.1) to be allocated? [closed]

Closed 10 years ago.
It seems to be that most firmware should, by now at least, look for 127.0.0.1 for the loopback and not, e.g. 127.*.*.*
If they change the definition of routable IP addresses, that will create more compatibility problems than it solves allocation problems. That would add less than 1% to the pool of IP addresses, and would be consumed very quickly. In this case, I think the cure is worse than the disease.