Julia Evans @b0rk 2015-04-07
do you use tcpdump in your day-to-day life? what do you use it for?
Julia Evans @b0rk 2015-04-07
@sdstrowes out of curiosity - what kinds of failures? why do you need to look at DNS responses?
Kenny Hoxworth @hoxworth 2015-04-07
@b0rk another use is guaranteeing proper character encoding on the wire to determine where encoding bugs occur (client or server).
Julia Evans @b0rk 2015-04-07
@hoxworth oooo character encoding oooooooo
Charity Majors @mipsytipsy 2015-04-07
@b0rk "why is cassandra exploding? ohhhh, developers generating high cardinality columns !@#!" still haven't found a better way to debug
silentbicycle @silentbicycle 2015-04-07
@b0rk Yes, though I tend to use wireshark more for actually interpreting the data (whether live or tcpdump-captured). Debugging networks.
Jen Andre (funcuddles@infosec.exchange) @fun_cuddles 2015-04-07
@b0rk used it recently to aid in reverse engineering some proprietary database protocol
Fran García @frangdlt@mstdn.social @frangdlt 2015-04-07
@b0rk to diagnose a Cisco router bug that caused "ACK" packet loss and +30sec delays in a trading environment ;-) thankgoditsover
Chetan Ahuja @IAmChetanAhuja 2015-04-08
@b0rk tcpdump and Wireshark are like bread and butter for @packetzoom ( for obvious reasons). Great page on unix tools btw ;-)
Jerry Chen @jcsalterego 2015-04-07
@b0rk ngrep is much more useful, IME
Julia Evans @b0rk 2015-04-07
@jcsalterego what do you use ngrep for?
- viewing or debugging a handful of JSON REST APIs we have, or looking at MySQL traffic even. or seeing if things are routing correctly
Michael Hicks @numillustration 2015-04-07
@b0rk although I'm using snoop more lately
Michael Hicks @numillustration 2015-04-07
@b0rk used extensively to troubleshoot NAT, VPNs, fancy routing, firewall issues,
and SDN successes and failures.
Sean Cassidy @sean_a_cassidy 2015-04-07
@b0rk debugging VPC networking issues, verifying programs are actually sending data, etc. it's the ground truth
Wally Quevedo @wallyqs 2015-04-07
@b0rk I think it is great for quickly debugging plain text protocols, even more so when no other kind of logging is available
Will Thames @willthames 2015-04-07
@b0rk fairly regularly for debugging connectivity/authentication problems. Just discovered tcpflow for being able to see tcp streams
Robin Smidsrød @robinsmidsrod 2015-04-07
@mjdominus @b0rk I've always found iptraf more useful for that use-case, running it directly on the router.
Robin Smidsrød @robinsmidsrod 2015-04-08
@mjdominus @b0rk It will pick up all the same packets as tcpdump/wireshark. I just find the UI easier for that use-case.
shale @logicregressor 2015-04-07
@b0rk cs458 had us write an ids using tcpdump. Explanation inside:
https://crysp.uwaterloo.ca/courses/cs458/W15-material/a2.pdf…
Natalie @Lesbiologist 2015-04-07
@b0rk pooping through the network
Jay Parlar @parlar 2015-04-07
@b0rk I used to use it extensively in an old job. Mostly debugging SNMP packets, if memory serves
依云 @lilydjwg 2016-01-16
@b0rk not everyday but every time the network goes wrong or I want to peek at processes talking MySQL, Redis, TLS or the like.
依云 @lilydjwg 2016-01-16
@b0rk I use Wireshark more, and I pipe data from tcpdump on servers or Androids to local Wireshark for easy viewing.
Matthew Curry @mattjcurry 2015-04-07
@b0rk troubleshooting openvswitch and NSX.
Bea Hughes @beajammingh 2015-04-07
@b0rk most days. Well, most good or bad days.
Lawrence Teo @lteo 2015-04-07
@b0rk troubleshooting network issues
dmiller@recurse.social @jazzdan 2015-04-07
@b0rk "What is this memcached client I wrote *actually* sending memcached because clearly I messed something up here"
Hsing-Hui Hsu @SoManyHs 2015-04-07
@b0rk @drbrain does. He even wrote one.
Klerisson Paixao @klerissonpaixao 2015-04-07
@b0rk I seldom use it to debug apps.
imre Fitos @imreFitos 2015-04-07
@b0rk tcpdump tells the truth when I work with APIs. Documentation is usually not enough.
Julia Evans @b0rk 2015-04-07
@d6 i'm trying to write a blog post explaining why you'd want to use tcpdump and I think "reverse engineering" is what I'll go with :)
Julia Evans @b0rk 2015-04-07
@nelhage how do you find out about latency? just by looking at how long it takes for packets to come back?