Sniffing with TCPDump

Contributed by lvance, August 28, 2004
Tagged: UNIX

How to sniff a network with TCPDump. TCPDump comes installed on Linux by default; on Solaris you will have to install the package. This is just a simple sniff.


To sniff all traffic across an interface (port-mon is your friend):

tcpdump -w testsniff -c 6000
- this sniffs everything and stops when it reaches a count of 6000 packets. A good idea if you have a lot of traffic. It writes the capture to a file named testsniff. Most packet analyzers can read the tcpdump file format.

tcpdump host x.x.x.x -c 1000
- this sniffs a specific host with a count of 1000 packets.

tcpdump -i eth0 host x.x.x.x -c 1000
- this sniffs on eth0, for those multiple-interface boxes. This is nice for sniffing firewall interfaces with DMZs etc.
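The file that tcpdump -w produces is the classic pcap format that other analyzers read. As an added example (not part of the original recipe), this reads such a capture, handling both byte orders the magic number can take, and counts the packets to or from one IPv4 address the way the host x.x.x.x filter above would. The sample capture is constructed inline so it runs without root or a network interface.

```python
import socket
import struct


def build_pcap(frames, little_endian=True):
    """Constructed pcap file: 24-byte global header plus one 16-byte record header per frame."""
    e = "<" if little_endian else ">"
    # magic, major, minor, thiszone, sigfigs, snaplen, linktype (1 = Ethernet)
    out = [struct.pack(e + "IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack(e + "IIII", 1093651200 + i, 0, len(frame), len(frame)) + frame)
    return b"".join(out)


def ipv4_frame(src, dst, payload=b""):
    """Constructed Ethernet/IPv4 frame (checksum left zero; enough for parsing)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def read_pcap(data):
    """Yield (timestamp, frame) for every record in a tcpdump -w capture."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        e = "<"                      # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        e = ">"                      # written on a big-endian host (e.g. SPARC Solaris)
    else:
        raise ValueError("not a pcap file: bad magic %#x" % magic)
    _, vmaj, vmin, _tz, _sig, _snaplen, linktype = struct.unpack(e + "IHHiIII", data[:24])
    if (vmaj, vmin) != (2, 4) or linktype != 1:
        raise ValueError("this example only decodes pcap 2.4 Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(e + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)  # capture cut mid-packet
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def packets_for_host(data, host):
    """Count records whose IPv4 source or destination is host, like 'tcpdump host x.x.x.x'."""
    want = socket.inet_aton(host)
    count = 0
    for _, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                 # not IPv4 over Ethernet
        if frame[26:30] == want or frame[30:34] == want:
            count += 1
    return count


SAMPLE = build_pcap([ipv4_frame("10.0.0.5", "192.0.2.10"),
                     ipv4_frame("192.0.2.10", "10.0.0.5"),
                     ipv4_frame("10.0.0.7", "192.0.2.20")])
```

Run it against a real file with read_pcap(open("testsniff", "rb").read()) to confirm the capture holds what you expect before handing it to another analyzer.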

This is just a small simple description. Read man tcpdump and you will see how powerful TCPDump can be.

  • Slaegabaeg
    Useless. LOL Let me guess... you're using Ubuntu?