
Saturday, February 6, 2016

tcpdump to check network traffic

There are many situations in which you want to track events occurring on the network, which can come in handy during periods of high traffic. It can also help you check whether the traffic you are receiving is genuine, and by analyzing the patterns you can make better-informed decisions.

tcpdump is very effective at analyzing TCP traffic, such as the traffic to your web server, which runs over the TCP protocol. You need root privileges to see most of the network traffic, because of the security implications involved.

The following are handy commands to use with tcpdump:

1. List the interfaces on which tcpdump can listen
tcpdump -D

2. Listen on interface eth0
tcpdump -i eth0

3. Listen on any available interface
tcpdump -i any

4. Verbose or detailed output
tcpdump -v
tcpdump -vv
tcpdump -vvv

5. For less detailed output use
tcpdump -q

6. Record the packets captured in a file called capture.cap
tcpdump -v -w capture.cap

7. To display the packets of the file called capture.cap
tcpdump -r capture.cap

8. To display IP addresses and port numbers numerically instead of resolving them to names
tcpdump -n

9. Capture any packet whose source or destination address is in the network 192.168.1.0/24
tcpdump -n net 192.168.1.0/24
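
Added example (not part of the original post): a small shell function that counts packets per source address in the text output of `tcpdump -n -q`, which is a quick way to see who is sending the most traffic. The function names `sample_capture` and `top_sources` are made up for this example, and the sample lines are constructed rather than taken from a real capture.

```shell
#!/bin/sh
# Added example: count packets per source address in `tcpdump -n -q` output.
# On a real capture file you would run:
#   tcpdump -n -q -r capture.cap | top_sources

# Constructed sample lines in the format tcpdump prints with -n -q.
sample_capture() {
cat <<'EOF'
10:15:01.000001 IP 192.168.1.10.51514 > 192.168.1.1.80: tcp 0
10:15:01.000210 IP 192.168.1.1.80 > 192.168.1.10.51514: tcp 0
10:15:01.004100 IP 203.0.113.7.40000 > 192.168.1.1.80: tcp 512
10:15:01.004300 IP 203.0.113.7.40001 > 192.168.1.1.80: tcp 512
10:15:01.004500 IP 203.0.113.7.40002 > 192.168.1.1.80: tcp 512
10:15:02.000000 IP 192.168.1.10 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
10:15:02.500000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
EOF
}

# top_sources [PREFIX]
# Reads tcpdump -n lines on stdin and prints "count address", busiest first.
# If PREFIX is given (for example "192.168.1." for the /24 above), sources
# whose address starts with that text are left out, so only outside hosts remain.
top_sources() {
    awk -v skip="${1:-}" '
        $2 == "IP" {                      # ignore ARP and other non-IPv4 lines
            n = split($3, p, ".")         # addr.port has 5 parts, ICMP only 4
            if (n < 4) next
            src = p[1] "." p[2] "." p[3] "." p[4]   # drop the port if present
            if (skip != "" && index(src, skip) == 1) next
            count[src]++
        }
        END { for (s in count) print count[s], s }
    ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample.
sample_capture | top_sources
```
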
