Netdump is a simple protocol running over UDP that transports kernel core memory images to a remote server during a crash. It is used primarily in Red Hat Enterprise Linux 4 and earlier releases, although several other distributions have also made use of the protocol.


Before the advent of kexec technology, NetDump was used to capture kernel core memory images remotely during a system crash for post-mortem analysis.

Protocol dependencies

Example traffic



The NetDump dissector is fully functional. Nominally, NetDump runs over UDP port 6666, which conflicts with the SigComp protocol, so Wireshark must be told manually to decode frames as NetDump data when using this dissector.

Example capture file

NetDump (last edited 2009-02-11 01:18:14 by BillMeier)