
Topic: tcpdump - Detailed Network Traffic Analysis


nirmal
tcpdump - Detailed Network Traffic Analysis
« on: November 24, 2013, 10:25:26 pm »
Hi all,

Please check out a wonderful tool, tcpdump. It is a simple command that dumps traffic on a network.

However, you need a good understanding of the TCP/IP protocol to utilize this tool.
For example, to display traffic info about DNS, enter:

# tcpdump -i eth1 'udp port 53'

To display all IPv4 HTTP packets to and from port 80, i.e. print only packets that contain data, not, for example, SYN and FIN packets and ACK-only packets, enter:

# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

To display all FTP sessions to 202.54.1.5, enter:

# tcpdump -i eth1 'dst 202.54.1.5 and (port 21 or 20)'

To display all HTTP sessions to 192.168.1.5:

# tcpdump -ni eth0 'dst 192.168.1.5 and tcp and port http'

To use Wireshark to view detailed information about files, enter:

# tcpdump -n -i eth1 -s 0 -w output.txt src or dst port 80

Hope you will like it.

Thank you for checking
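The data-length test in the port 80 filter above (ip[2:2] minus the IP header length minus the TCP header length) is worth seeing evaluated by hand. The following is an added example, not from the post: it rebuilds that arithmetic in Python over constructed IPv4/TCP packets (ports, addresses and payload are made up; checksums are left zero since BPF filters ignore them) so you can see why SYN, ACK-only and FIN segments are dropped while a GET request passes.

```python
import struct

# Same arithmetic as the tcpdump filter:
#   ip[2:2] - ((ip[0]&0xf)<<2) - ((tcp[12]&0xf0)>>2)
# tcpdump indexes ip[] from the IPv4 header and tcp[] from the TCP header.
def tcp_payload_len(pkt: bytes) -> int:
    if len(pkt) < 20:
        raise ValueError("short IPv4 header")
    ihl = (pkt[0] & 0x0F) << 2                     # IP header length, bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]   # ip[2:2], IP total length
    if ihl < 20 or len(pkt) < ihl + 20:
        raise ValueError("truncated packet")
    doff = (pkt[ihl + 12] & 0xF0) >> 2             # TCP header length, bytes
    return total_len - ihl - doff

def carries_data(pkt: bytes) -> bool:
    """True when the filter's '... != 0' clause would match this packet."""
    return tcp_payload_len(pkt) != 0

# Constructed sample packet builder (hypothetical addresses, zero checksums).
def build_ipv4_tcp(flags: int, payload: bytes = b"", tcp_opts: bytes = b"") -> bytes:
    assert len(tcp_opts) % 4 == 0                  # TCP options are word-aligned
    doff_words = (20 + len(tcp_opts)) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0,
                      (doff_words << 12) | flags, 65535, 0, 0) + tcp_opts
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([192, 168, 1, 5]))
    return ip + tcp + payload

SYN, ACK, PSH, FIN = 0x02, 0x10, 0x08, 0x01
MSS_OPT = b"\x02\x04\x05\xb4"                      # MSS=1460, 4-byte option

SAMPLES = {
    "syn": build_ipv4_tcp(SYN, tcp_opts=MSS_OPT),  # 24-byte TCP header, no data
    "ack_only": build_ipv4_tcp(ACK),
    "get": build_ipv4_tcp(PSH | ACK, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n"),
    "fin": build_ipv4_tcp(FIN | ACK),
}

def matching_packets() -> list:
    """Names of the sample packets the filter would print."""
    return [name for name, pkt in SAMPLES.items() if carries_data(pkt)]

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:9s} payload={tcp_payload_len(pkt):3d} match={carries_data(pkt)}")
```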