Is tcpdump reliable? Why there are so many packets with length 0?
I am using tcpdump to collect packet data through wlan0. But I find many packets with length of 0 like following picture shows. Well, length 0 packets... Is tcpdump reliable or I have missed something?
OK, those are TCP packets, and that's the TCP payload length. That can be zero, if a TCP packet is just acknowledging data sent by the other side of the connection, and not sending any data.
For example, the next to the last packet is from 121.186.151.61.dial.xw.sh.dynamic.163data.com.cn, port 80 (that's the ".http" at the end - it's not part of the domain name, it's an indication that it's from port 80) to android-1b46862a4910306b, port 53876, with 16 bytes of data. The last packet is android-1b46862a4910306b sending an ACK to 121.186.151.61.dial.xw.sh.dynamic.163data.com, probably acknowledging the previous 16 bytes.
The other zero-length packets in your sample output are TCP FIN packets, which don't have to have data in them (the host sending it is just saying "I don't have any more data to send you, and never will have any more data to send you on this connection - I'm done"), and TCP RST packets, which are just forcibly shutting down the connection and also don't have to have data in them.
- is tcpdump affected by iptables filtering?
- Not able to get the required HTTP headers in tcpdump
- "Replay" tcpdump file
- How to access multiple pcap files offline and extract an ip address?
- How to schedule tcpdump to run for a specific period of time?
- Running tcpdump inside a Docker container as non-root user
- tcpdump does not capture all packets at high packet frequency
- How to display all data using tcpdump?
- Simple way to verify valid BPF filter
- Capture pid of process using port 6881 only once every 15 min
- How to detect CDP by tcpdump
- Merging/appending multiple pcap files to an existing one without overwriting
- Troubleshooting network connectivity issues in a local network environment after adding dummy interface to the local subnet
- Filtering for Quic Client Hello packets with tcpdump
- how to close a tcpdump via paramiko
- Performance and efficiency comparing between dump tools: tcpdump, tshark, dumpcap
- How to generate packet having sequence number as `first:last` with Scapy?
- program other than apache listen on 3000 for https (ProxyPassReverse)
- Packet capture in RDMA?
- tcpkeep alive msg not seen in tcpdump
- python run tcpdump in remote server
- Apply a filter which reads all traffic apart from DNS and TCP using tcpdump
- How can I have tcpdump write to file and standard output the appropriate data?
- Understanding Tcpdump filter & bit-masking
- piping tcpdump from a docker container to local macOS Wireshark instance
- How to identify what packet belongs to what TCP connection in tcpdump
- How to decrypt the message using tcpdump
- Looking for a specyfic message in zipped pcap files
- How can I capture Gre or Vxlan inner network traffic?
- windows 10 bash tcpdump: socket: Invalid argument