#Blocked 151 /24 nets and one /8 net from Hong Kong to protect my public #DNS servers from being flooded with requests for non-existent domains.

Blocked the nets so as not to overfill my #pfSense #firewall rules with a six-digit number of IP addresses.

I made a small shell script that filters their IPs out of #tcpdump output, sorts and uniques them, then uploads the list to my server, which distributes the lists as URL Aliases to pfSense.

Peace again on all DNS servers.
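The pipeline described in the posts above (pull the querying clients out of tcpdump's DNS decode, deduplicate, collapse them into nets so the firewall does not get one rule per host, publish the result as a text file for a pfSense URL alias), as an added example in Python rather than the author's shell script. The sample lines are constructed to look like `tcpdump -nn port 53` output and are not from the author's capture; the /24 collapse threshold, the server address and the one-CIDR-per-line alias format are my assumptions.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_network

# Constructed sample of `tcpdump -nn port 53` output (not a real capture):
# four distinct clients in 203.0.113.0/24, one repeat offender in 192.0.2.0/24,
# one NXDomain *response* (ignored) and one query to somebody else's server (ignored).
SAMPLE_LINES = [
    "12:00:01.000001 IP 203.0.113.10.40001 > 198.51.100.53.53: 12345+ A? zq8f2.example.net. (35)",
    "12:00:01.000120 IP 203.0.113.11.40002 > 198.51.100.53.53: 12346+ A? k3l0p.example.net. (35)",
    "12:00:01.000300 IP 203.0.113.12.40003 > 198.51.100.53.53: 12347+ [1au] A? m9x1q.example.net. (46)",
    "12:00:01.000410 IP 203.0.113.13.40004 > 198.51.100.53.53: 12348+ AAAA? t7r4w.example.net. (35)",
    "12:00:01.000500 IP 192.0.2.99.53001 > 198.51.100.53.53: 512+ A? b2n6c.example.net. (35)",
    "12:00:01.000520 IP 192.0.2.99.53002 > 198.51.100.53.53: 513+ A? b2n6d.example.net. (35)",
    "12:00:01.000600 IP 198.51.100.53.53 > 203.0.113.10.40001: 12345 NXDomain 0/1/0 (98)",
    "12:00:01.000700 IP 203.0.113.10.40005 > 192.0.2.53.53: 777+ A? other.example.org. (34)",
]

# One tcpdump DNS query line: "<ts> IP <src>.<sport> > <dst>.53: <id>+ [edns-flags] <TYPE>? <qname> (<len>)"
DNS_QUERY = re.compile(
    r"^\S+ IP (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst>\d+\.\d+\.\d+\.\d+)\.53: "
    r"\d+\+? (?:\[\S+\] )?[A-Z]+\? (?P<qname>\S+)"
)


def query_sources(lines, server_ips):
    """Count queries per client address, keeping only queries aimed at our own servers."""
    hits = Counter()
    for line in lines:
        m = DNS_QUERY.match(line)
        if m and m.group("dst") in server_ips:
            hits[m.group("src")] += 1
    return hits


def aggregate(hits, min_hosts=3, prefix=24):
    """Collapse clients that share a /prefix into that net once at least
    min_hosts of them are seen (one rule instead of hundreds); lone hosts stay /32."""
    per_net = defaultdict(set)
    for ip in hits:
        per_net[ip_network(f"{ip}/{prefix}", strict=False)].add(ip)
    out = []
    for net, hosts in per_net.items():
        if len(hosts) >= min_hosts:
            out.append(net)
        else:
            out.extend(ip_network(f"{h}/32") for h in hosts)
    out.sort(key=lambda n: (int(n.network_address), n.prefixlen))
    return [str(n) for n in out]


def alias_text(cidrs):
    """Body of the file to publish for a pfSense URL alias: one CIDR per line (assumed format)."""
    return "".join(f"{c}\n" for c in cidrs)


if __name__ == "__main__":
    hits = query_sources(SAMPLE_LINES, {"198.51.100.53"})
    print(alias_text(aggregate(hits)), end="")
```

The threshold matters: with `min_hosts` too low a single scanning host gets its whole /24 blocked, which is exactly the collateral damage a public resolver should avoid.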

What is really missing on #pfsense is the -i any switch in #tcpdump. It is a horror to open 8 SSH terminals to see all interfaces. -i any on Linux is genius.

STP traffic without bridge enabled #networking #2404 #tcpdump

https://askubuntu.com/q/1565450/612

I have just installed Ubuntu 24.04.4 on a laptop and connected to a wireless network without a bridge enabled, but tcpdump shows STP traffic. Results of tcpdump -vvv -p -n stp: tcpdump: listening o...

Ask Ubuntu

I’m quite sure that #tcpdump’s [!smtp] is not truncation because:

• -s (snaplen) is set to 0 which means 256 kB or larger
• I was seeing [!smtp] on lines less than 76 bytes long
• I was not seeing [!smtp] on other lines between 77 and 998 bytes long

It seems to me that #tcpdump’s SMTP dissector might not be as functional as hoped.

As in possibly nothing more than a stub for future code.

The print-smtp.c file seems to be a skeleton.

Compared to print-http.c which includes HTTP verbs.

The former has a NULL in the function call where the latter has an array of verbs.

So [!smtp] may be a red herring.

Does anyone know what the following at the end of a line of output from #tcpdump means?

[!smtp]

When sniffing SMTP traffic.

The man page on the system says that the following in the same position indicates snap length truncation.

[|smtp]

But the first (unknown) is an exclamation point while the second (snap length) is a pipe character.

I’m having trouble finding a description of what [!smtp] means.

🙁

📉 Oh, sweet mother of packet-sniffing, another "UDP Story" where the protagonist heroically descends into the #OSI #model like it's some kind of #networking Dante's Inferno. 🤯 Spoiler alert: it's just a lot of #soldering and TCPdumping—because what could be more thrilling than that? 🙄
https://www.mattkeeter.com/blog/2022-08-11-udp/ #UDP #Story #packet #sniffing #TCPdump #HackerNews #ngated
From Oscilloscope to Wireshark - A UDP Story

🤣 Oh, joy! Yet another groundbreaking revelation: people like *examples* in man pages. Who could have guessed? 🚀 Thank goodness someone finally added the most *basic* #examples to #tcpdump and #dig... because, you know, reading is hard. 📚🔍
https://jvns.ca/blog/2026/03/10/examples-for-the-tcpdump-and-dig-man-pages/ #manpages #programming #humor #HackerNews #ngated
Examples for the tcpdump and dig man pages

Julia Evans

I had some fun with #tcpdump today.

tcpdump -pnni eth0 "host 192.0.2.1 or (ip[44:1] & 255 == 192 and ip[45:1] & 255 == 0 and ip[46:1] & 255 == 2 and ip[47:1] & 255 = 1)"

I was doing mtr traces and wanted to watch for packets associated with the host (192.0.2.1).

ICMP (usually) includes enough of the original packet that I could match on the destination IP in the incoming time-to-live-exceeded packet from various routers along the way.

ip[44:1] – ip[47:1] are the four bytes in the incoming TTL exceeded packet matching the original destination IP I was interested in.