19.7. Using tcpdump to Capture and Analyze Traffic
Problem
You really need to see what's going over the wires, and you know that tcpdump is just the powerhouse packet sniffer you want. But you don't know how to filter all those masses of traffic. How do you make it show only what you want to see?
Solution
tcpdump can filter your traffic as precisely as you like. Just follow these examples to learn the more commonly used filters.
You should routinely use the -p switch to keep the interface out of promiscuous mode; on a switched network promiscuous mode is pretty much useless anyway, because the switch only delivers frames addressed to your port (plus broadcasts and multicasts) to begin with.
Capture all traffic on a single host:

# tcpdump -pi eth0 host uberpc

Capture all traffic on more than one host (the hosts must be joined with "or"; "host uberpc and stinkpad" would only match packets that involve both hosts at once):

# tcpdump -pi eth0 host uberpc or stinkpad or penguina

Capture all traffic on more than one host, except from a specified host (the "or" group needs parentheses so that "and not" applies to the whole group):

# tcpdump -pi eth0 '(host uberpc or host stinkpad) and not host penguina'

Capture traffic going to a host:

# tcpdump -pi eth0 dst host uberpc

Capture traffic leaving a host:

# tcpdump -pi eth0 src host uberpc

Capture a single protocol:

# tcpdump -pi eth0 tcp

Capture more than one protocol:

# tcpdump -pi eth0 tcp or udp or icmp

Capture a specific port:

# tcpdump -pi eth0 port 110

Capture several ports:

# tcpdump -pi eth0 port 25 or port 80 or port 110

Capture a port range:

# tcpdump -pi eth0 portrange 3000-4000

Watch traffic leaving a port:

# tcpdump -pi eth0 src port 110

Watch traffic entering a port:

# tcpdump -pi eth0 dst port 110

Look for packets smaller than the specified size: ...
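The filters above are built from host, port and protocol terms glued together with "and", "or" and "not", and the usual mistake is getting the grouping wrong. The following added example (not code from the book) composes such expressions from plain lists so that "any of these hosts" becomes a parenthesised "or" group that is then combined with "and not" exclusions; the interface, file and host names are placeholders.

```shell
# Added example, not from the book: compose tcpdump filter expressions from
# lists of hosts and ports. Values that may match ANY of several alternatives
# are joined with "or" and parenthesised; the groups are then combined with
# "and" / "and not". Interface, file and host names are placeholders.

# join_terms QUALIFIER VALUE...  -> "QUALIFIER v1" or "(QUALIFIER v1 or QUALIFIER v2 ...)"
join_terms() {
    qual=$1; shift
    acc=""
    for item in "$@"; do
        if [ -z "$acc" ]; then acc="$qual $item"; else acc="$acc or $qual $item"; fi
    done
    case $# in
        0) ;;                       # no values: emit nothing
        1) printf '%s' "$acc" ;;    # a single term needs no parentheses
        *) printf '(%s)' "$acc" ;;  # several terms: group so "and" binds to the whole
    esac
}

# build_filter "HOSTS" "PORTS" "EXCLUDED_HOSTS"  (space-separated lists; any may be empty)
build_filter() {
    hosts=$(join_terms host $1)
    ports=$(join_terms port $2)
    excl=$(join_terms host $3)
    out=""
    for part in "$hosts" "$ports"; do
        [ -n "$part" ] || continue
        if [ -z "$out" ]; then out=$part; else out="$out and $part"; fi
    done
    if [ -n "$excl" ]; then
        if [ -z "$out" ]; then out="not $excl"; else out="$out and not $excl"; fi
    fi
    printf '%s' "$out"
}

# show_bpf PCAP FILTER: compile FILTER against a saved capture and print the
# resulting BPF program (-d) without capturing anything; a syntax error in
# the expression gives a non-zero exit status.
show_bpf() {
    tcpdump -r "$1" -d "$2"
}

# capture IFACE PCAP FILTER: non-promiscuous (-p), raw packets written to a file (-w).
capture() {
    tcpdump -p -i "$1" -w "$2" "$3"
}

# Usage (needs root and a real interface; names are placeholders):
#   capture eth0 mail.pcap "$(build_filter 'uberpc stinkpad' '25 110' 'penguina')"
```

Saving with -w keeps the raw packets, so the same build_filter expressions can later be applied offline with tcpdump -r against the file.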