How to Record a PCAP / Packet Capture on Linux

This step-by-step guide shows you how to record a packet capture (pcap) so that our SOC team can analyse an attack against your server.

Step 1:

Ensure tcpdump is installed. If it is not, install it from your operating system's package manager (as root, or with sudo):

For Debian/Ubuntu: apt install tcpdump

For CentOS: yum install tcpdump (dnf install tcpdump on newer RHEL-based releases)

Step 2:

Determine the name of your primary network interface by running: ip a (or ifconfig, if the net-tools package is installed)

In the example output the interface is enp1s0f0; on our standard installs it is usually named primary. If you are unsure, the interface that carries your public IP address is the one to capture on.

Step 3:

Run the capture only while the attack is in progress. A capture taken before or after the attack contains nothing for the SOC to analyse.

Launch the command (as root, or with sudo): tcpdump -s 0 -i <INTERFACE NAME FROM ABOVE (e.g. enp1s0f0)> -w attack.pcap

-s 0 records full packets rather than truncated headers, and -w writes them to a file instead of printing them to the terminal.

Let this run for at least 30 seconds, then stop it with the key combo Ctrl+C. tcpdump flushes and closes attack.pcap when it receives Ctrl+C, so stop it that way rather than with kill -9. During a volumetric attack the file grows quickly, so check free disk space before you start and do not leave the capture running longer than needed.

Download attack.pcap from your server, for example with scp from your workstation.

Reply to the ticket with the packet capture attached. If it is too large for our ticketing system, upload it to Google Drive or another safe file sharing service and include the download link in your reply. The capture contains the raw contents of every packet on that interface, including any unencrypted traffic of your own, so share the link only through the ticket.
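The procedure from Steps 1 to 3, wrapped into a small POSIX shell script as an added example (this is not part of the original guide): it validates the interface name, bounds the capture with timeout instead of relying on Ctrl+C, adds -n so tcpdump does not generate DNS lookups of its own, splits the output file at roughly 200 MB so a flood cannot fill the disk, and checks the pcap magic bytes before you upload anything. The function names, the 200 MB split size and the 60 second default are choices made for this example, not settings from the guide.

```shell
#!/bin/sh
# Added example, not from the original guide: wraps the tcpdump capture from
# Step 3 with input validation, a time limit and a sanity check on the output.
# Function names, the 200 MB split size and the 60 s default are assumptions.
set -eu

# Accept only characters that occur in real Linux interface names, so a
# mistyped name (or a pasted shell fragment) never reaches tcpdump as-is.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# True if FILE is non-empty and starts with a pcap or pcapng magic number.
# A zero-byte file usually means tcpdump was not run as root or the
# interface name was wrong; anything else is not a capture the SOC can open.
pcap_is_valid() {
    f=$1
    [ -s "$f" ] || return 1
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case "$magic" in
        a1b2c3d4|d4c3b2a1) return 0 ;;   # classic pcap (microsecond timestamps)
        a1b23c4d|4d3cb2a1) return 0 ;;   # pcap with nanosecond timestamps
        0a0d0d0a)          return 0 ;;   # pcapng section header block
        *)                 return 1 ;;
    esac
}

# run_capture IFACE [SECONDS] [OUTFILE]
# Needs root (or CAP_NET_RAW). timeout sends SIGTERM when the time is up;
# tcpdump flushes and closes the file on that signal just as it does on
# Ctrl+C, and timeout itself reports exit status 124 for a timed-out run.
run_capture() {
    iface=$1
    seconds=${2:-60}
    outfile=${3:-attack.pcap}
    if ! valid_iface "$iface"; then
        echo "invalid interface name: '$iface'" >&2
        return 2
    fi
    # -n   no hostname lookups (they add DNS traffic to the capture and slow it down)
    # -s 0 full packets, not truncated headers
    # -C   start a new file (attack.pcap1, attack.pcap2, ...) every ~200 MB so a
    #      volumetric attack cannot fill the disk with one file; send all parts
    rc=0
    timeout "$seconds" tcpdump -n -s 0 -i "$iface" -C 200 -w "$outfile" || rc=$?
    if [ "$rc" -ne 0 ] && [ "$rc" -ne 124 ]; then
        echo "tcpdump exited with status $rc (not root? wrong interface?)" >&2
        return "$rc"
    fi
    if pcap_is_valid "$outfile"; then
        echo "capture written to $outfile"
        ls -l "$outfile"*
    else
        echo "$outfile is empty or not a pcap file; check the interface name and that you ran as root" >&2
        return 1
    fi
}

# Usage (as root, during the attack): sh capture.sh enp1s0f0 60 attack.pcap
if [ $# -ge 1 ]; then
    run_capture "$@"
fi
```

Run it with the interface name from Step 2 as the first argument; with no arguments it only defines the functions, so you can source it and call pcap_is_valid on an existing file before uploading it to the ticket.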
