Ubuntu – tcpdump freezes and not capturing properly without internet connection

Tags: packet-capture, tcpdump, Ubuntu, ubuntu-14.04

When I don't have any internet connection and I want to capture network traffic between local computers, tcpdump acts like this:

1. I start tcpdump using the following command:

tcpdump -ixenbr0

2. After I run it, tcpdump freezes for about 1-2 minutes; after that it captures some packets and freezes again, then captures some more, and the same thing happens over and over.

I can't even quit tcpdump with Ctrl+C, or even kill the tcpdump process using the killall tcpdump command.

I have this issue on all computers in the network, not just one.

But when I connect the network to the internet, tcpdump works just fine. Everything is okay with an internet connection. This seems very strange to me.

I also tried -l, but no luck.

I'm using Ubuntu 14.04. The tcpdump version is 4.5.1.

Does anyone have any idea what's wrong?

Best Answer

When I don't have any internet connection

...

tcpdump freezes for about 1-2 minutes; after that it captures some packets and freezes again, then captures some more, and the same thing happens over and over.

You're running it without -w, so, instead of just writing raw packet data to a file, it dissects the packets and prints a summary of them.

This means that, for IP packets, it tries to report the source and destination IP addresses of the packets.

Without -n, it tries to find the host name corresponding to the address, which means that, unless the address is in the hosts file, it'll try to use DNS to find the name. If you don't have any Internet connection, but the local DNS resolver thinks it should search the Internet DNS servers, it'll try to contact those servers and wait for an answer or a timeout. It won't get an answer, so it'll have to wait for the timeout.

Once the timeout occurs, it gets told "I don't have a host name for that address", and just prints packet information, showing the address numerically. Then, when the next packet arrives, if it has an IP address, the same thing happens.

-n disables looking up the name for IP addresses, so there aren't any timeouts.
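The practical pattern that follows from the answer is to never let the capturing process resolve names at all: run tcpdump with -n (and -w or -l), and resolve addresses afterwards with a hard deadline so a dead DNS path degrades to numeric output instead of a hang. The script below is an added example, not code from the original post or from the tcpdump project; the sample capture lines are constructed, the `OfflineSafeResolver` class and the `tcpdump -n -l` command it assumes as input are mine, and the reverse lookup is done with the standard library's `socket.gethostbyaddr` wrapped in a timed thread so the timeout is bounded by the script rather than by the resolver.

```python
"""Annotate `tcpdump -n` output with host names without ever blocking.

Assumed workflow (example, not from the original post):
    tcpdump -n -l -i xenbr0 > capture.txt     # -n: tcpdump never does DNS
    python3 annotate.py < capture.txt         # names added with a deadline
"""
import concurrent.futures as cf
import re
import socket
import sys
import time

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# tcpdump -n prints "IP a.b.c.d.port > e.f.g.h.port:" for TCP/UDP (IPv4 only here).
ADDR_RE = re.compile(r"\b(" + IPV4 + r")\.(\d+) > (" + IPV4 + r")\.(\d+):")

# Constructed sample of `tcpdump -n -l` output; not a real capture.
SAMPLE = """\
12:00:01.000001 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [S], seq 1, win 29200, length 0
12:00:01.000100 IP 192.168.1.20.22 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 28960, length 0
12:00:02.000000 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [.], ack 1, win 229, length 0
"""


class OfflineSafeResolver:
    """Reverse-resolve addresses with a hard deadline.

    On timeout or any lookup error the numeric address is returned, which is
    exactly what tcpdump prints once its own DNS attempt times out, except
    that here the wait is bounded by `timeout` and results are cached.
    """

    def __init__(self, timeout=0.5, backend=None):
        self.timeout = timeout
        # backend: callable addr -> name; defaults to the system resolver.
        self.backend = backend or (lambda a: socket.gethostbyaddr(a)[0])
        self.cache = {}
        self.pool = cf.ThreadPoolExecutor(max_workers=4)

    def name(self, addr):
        if addr in self.cache:
            return self.cache[addr]
        fut = self.pool.submit(self.backend, addr)
        try:
            result = fut.result(timeout=self.timeout)
        except (cf.TimeoutError, OSError, KeyError):
            # socket.herror/gaierror are OSError subclasses; KeyError covers
            # dict-backed test resolvers. Fall back to the numeric address.
            result = addr
        self.cache[addr] = result
        return result

    def close(self):
        # Do not wait for a stuck lookup; the worker thread finishes on its own.
        self.pool.shutdown(wait=False)


def slow_backend(addr, delay=0.3):
    """Simulates a resolver that hangs (as with unreachable DNS servers)."""
    time.sleep(delay)
    return "late.lan"


def extract_hosts(line):
    """Return [src, dst] IPv4 addresses from one tcpdump -n summary line."""
    m = ADDR_RE.search(line)
    return [m.group(1), m.group(3)] if m else []


def annotate(text, resolver):
    """Replace resolvable addresses with names, keeping the port suffix."""
    out = []
    for line in text.splitlines():
        for addr in extract_hosts(line):
            name = resolver.name(addr)
            if name != addr:
                # Match the whole address followed by the port separator so
                # 192.168.1.10. is not confused with 192.168.1.100.
                line = re.sub(r"\b" + re.escape(addr) + r"\.", name + ".", line)
        out.append(line)
    return out


if __name__ == "__main__":
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    resolver = OfflineSafeResolver(timeout=0.5)
    for line in annotate(text, resolver):
        print(line)
    resolver.close()
```

Because the resolver is a pluggable callable, the same script can run with the real system resolver on a live box or with a static map when you want deterministic output; either way the per-address wait never exceeds the configured timeout, and repeated addresses cost a single lookup.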
