Wireless Hacks

by Rob Flickenger
September 2003
Content level: Intermediate to advanced
304 pages
8h 39m
English
O'Reilly Media, Inc.
Content preview from Wireless Hacks

Watching Traffic with tcpdump

This famous command-line packet capture tool is invaluable for troubleshooting thorny network problems.

Virtually all modern variations of Unix ship with the tcpdump utility. Its deceptively simple interface hides a very powerful and complex tool designed to capture data from a network interface, filter it, and print it out so you can get a better grasp of what is really happening on your network. Note that you need to be root to capture packets with tcpdump.

The simplest way to start it is to run it while specifying the network device you would like to listen to:

remote:~# tcpdump -i eth0

If you are logged into a remote machine while doing this, you will see a flood of traffic fly by, even on an unloaded machine. This is because tcpdump is capturing your ssh session traffic and displaying it to your terminal, which generates more traffic, which is again displayed, in an endless loop of wasted bits. This is easily avoided by using a simple filter. For example, you could just ignore all ssh traffic:

remote:~# tcpdump -i eth0 -n 'port ! 22'

Here I also specified the -n switch, which tells tcpdump to skip DNS lookups for every host it encounters. When capturing network data, the name of the game is speed. If your machine is tied up with some other network function (like looking up DNS names), it could miss packets as they fly past, particularly on a busy network. Skipping lookups speeds up capturing, but it means that you will be looking at IP addresses and ...
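The filter above hides every ssh connection, including ones you may be trying to debug. The following is an added example, not code from the book: it builds a narrower filter that excludes only your own session, assuming the login came through OpenSSH so that sshd has set the SSH_CONNECTION environment variable. The function names ssh_session_filter and watch_without_my_ssh are hypothetical, and the addresses in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the book): hide only *this* SSH session from a capture.
# sshd sets SSH_CONNECTION to "<client_ip> <client_port> <server_ip> <server_port>",
# e.g. "203.0.113.5 51515 192.0.2.10 22" (constructed sample value).

# ssh_session_filter "<SSH_CONNECTION value>"
# Prints a pcap filter on stdout; returns 1 if the value is malformed.
ssh_session_filter() {
    IFS=' ' read -r c_ip c_port s_ip s_port extra <<EOF
$1
EOF
    # Exactly four fields are expected.
    [ -n "$s_port" ] && [ -z "$extra" ] || return 1
    # Drop IPv6 zone ids such as "%eth0"; they never appear in packets.
    c_ip=${c_ip%%\%*}
    s_ip=${s_ip%%\%*}
    # Ports must be decimal numbers in 1..65535.
    for p in "$c_port" "$s_port"; do
        case $p in ''|*[!0-9]*) return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
    done
    # Addresses may hold only hex digits, dots and colons, so a hostile
    # environment value cannot smuggle extra filter syntax into tcpdump.
    for a in "$c_ip" "$s_ip"; do
        case $a in ''|*[!0-9A-Fa-f.:]*) return 1 ;; esac
    done
    printf 'not (tcp and host %s and port %s and host %s and port %s)\n' \
        "$c_ip" "$c_port" "$s_ip" "$s_port"
}

# watch_without_my_ssh <interface>   (hypothetical wrapper; run as root)
# Falls back to the page's 'port ! 22' filter when SSH_CONNECTION is unusable.
watch_without_my_ssh() {
    filter=$(ssh_session_filter "${SSH_CONNECTION:-}") || filter='port ! 22'
    tcpdump -i "$1" -n "$filter"
}
```

If you become root through sudo, SSH_CONNECTION may be removed from the environment, in which case the wrapper uses the broader port filter.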


Publisher Resources

ISBN: 0596005598