Hi Zach, I'm not really sure what your question is. Could you please elaborate?
tcpdump can also be used to dump (well, duh!) the contents of TCP packets and not only their metadata (header fields etc.) by adding the -X parameter, see https://danielmiessler.com/study/tcpdump/ for an example.

Cheers,
Jochen

On Thursday, 5 November 2015 20:04:49 UTC+1, Zach Trexler wrote:
>
> I'm running tcpdumps (tcpdump -v -i eth0 port 514) on outputs from graylog
> to remote log service:
>
> my.graylog.server.41166 > other.log.service: Flags [.], cksum 0x637c
> (incorrect -> 0x27cf), ack 1, win 229, options [nop,nop,TS val 191729014
> ecr 971588430], length 0
>
> Some responses from this service look like this:
>
> other.log.service: Flags [S.], cksum 0xc1b0 (correct), seq 2112645986, ack
> 2163394437, win 14480, options [mss 1380,sackOK,TS val 971588430 ecr
> 191729005,nop,wscale 7], length 0
> 11:47:40.860692 IP (tos 0x0, ttl 64, id 19178, offset 0, flags [DF], proto
> TCP (6), length 52)
>
> I'm able to see full messages inbound on the same port, but not these.
>
> Something seems amiss -- should I expect to see my output messages here,
> or is what I'm seeing "normal"?
>
> Thanks

--
You received this message because you are subscribed to the Google Groups "Graylog Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/35225c16-e84a-4d4b-ab75-a0725f22af88%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
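An added illustration (not part of the thread, and not code from Graylog or tcpdump) of how to read the `tcpdump -v` lines quoted above before reaching for `-X`: the `length N` field at the end of a TCP line is the number of payload bytes, so a line ending in `length 0` (a bare ACK or a SYN-ACK) has no application data for `-X` to print, whatever port it is on. The parser below is a small script of my own; the sample lines are constructed in tcpdump's `-v` format, modelled on the two lines in the post, with an extra PSH+ACK line carrying a payload and the IP-header line added for contrast. The comment about checksum offload states a common cause of `cksum ... (incorrect ...)` on packets captured on the sending host, not a diagnosis of the poster's setup.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample lines in `tcpdump -v` format, modelled on the thread.
# The third line (PSH+ACK with 87 payload bytes) and the IP-header line are
# constructed additions so the contrast between the cases is visible.
SAMPLE_LINES = [
    "my.graylog.server.41166 > other.log.service: Flags [.], cksum 0x637c "
    "(incorrect -> 0x27cf), ack 1, win 229, options [nop,nop,TS val 191729014 "
    "ecr 971588430], length 0",
    "other.log.service > my.graylog.server.41166: Flags [S.], cksum 0xc1b0 "
    "(correct), seq 2112645986, ack 2163394437, win 14480, options [mss 1380,"
    "sackOK,TS val 971588430 ecr 191729005,nop,wscale 7], length 0",
    "my.graylog.server.41166 > other.log.service: Flags [P.], cksum 0x1234 "
    "(incorrect -> 0xabcd), seq 1:88, ack 1, win 229, options [nop,nop,TS val "
    "191729020 ecr 971588431], length 87",
    "11:47:40.860692 IP (tos 0x0, ttl 64, id 19178, offset 0, flags [DF], "
    "proto TCP (6), length 52)",
]

# One TCP line as tcpdump -v prints it: "src > dst: Flags [..], cksum ..., length N".
TCP_LINE = re.compile(
    r"^(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]*)\], "
    r"cksum 0x[0-9a-fA-F]+ \((?P<cksum>correct|incorrect[^)]*)\).*?"
    r"length (?P<length>\d+)$"
)

# tcpdump's single-letter TCP flag codes ("." stands for ACK).
FLAG_NAMES = {"S": "SYN", ".": "ACK", "P": "PSH", "F": "FIN", "R": "RST",
              "U": "URG", "E": "ECE", "W": "CWR"}


@dataclass
class TcpSummary:
    src: str
    dst: str
    flags: str
    cksum_ok: bool
    length: int  # TCP payload bytes, as printed by tcpdump


def parse_tcp_line(line: str) -> Optional[TcpSummary]:
    """Parse one tcpdump -v TCP line; return None for lines that are not TCP summaries."""
    m = TCP_LINE.match(line.strip())
    if not m:
        return None
    return TcpSummary(src=m["src"], dst=m["dst"], flags=m["flags"],
                      cksum_ok=(m["cksum"] == "correct"), length=int(m["length"]))


def decode_flags(flags: str) -> List[str]:
    """Expand tcpdump's flag letters into their names, e.g. 'S.' -> ['SYN', 'ACK']."""
    return [FLAG_NAMES.get(c, c) for c in flags]


def carries_payload(pkt: TcpSummary) -> bool:
    """True only if tcpdump -X would have application bytes to print for this packet."""
    return pkt.length > 0


def explain(pkt: TcpSummary) -> str:
    """Human-readable verdict for one packet, including the checksum caveat."""
    names = "+".join(decode_flags(pkt.flags))
    if carries_payload(pkt):
        text = f"{names} carrying {pkt.length} payload bytes: -X would print them in hex and ASCII"
    else:
        text = f"{names} with no payload: -X has no application bytes to show for this packet"
    if not pkt.cksum_ok:
        # On packets captured on the sending host, "incorrect" checksums are commonly
        # an artifact of TCP checksum offload: the NIC fills the checksum in after the
        # capture point, so the capture sees a placeholder value.
        text += " (cksum reported incorrect; usually checksum offload when capturing on the sender)"
    return text


def summarize(lines: List[str]) -> Dict[str, int]:
    """Count how many lines carry payload, how many do not, and how many are not TCP lines."""
    counts = {"with_payload": 0, "without_payload": 0, "skipped": 0}
    for line in lines:
        pkt = parse_tcp_line(line)
        if pkt is None:
            counts["skipped"] += 1
        elif carries_payload(pkt):
            counts["with_payload"] += 1
        else:
            counts["without_payload"] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        pkt = parse_tcp_line(line)
        print(explain(pkt) if pkt else f"skipped non-TCP line: {line[:40]}...")
    print(summarize(SAMPLE_LINES))
```

Run against the two lines from the post, the script reports a bare ACK and a SYN-ACK, both with `length 0`, so neither would show any message text even with `-X`; only lines like the constructed PSH+ACK with `length 87` carry data worth dumping.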
