Packet sniffing
From FreeBSDwiki
What it is
Packet sniffing is essentially eavesdropping on a network interface.
tcpdump
The granddaddy of all packet sniffers, tcpdump will be found on just about any Unix system you're likely to encounter.
Common options:
-c number: "sniff this many packets". By default, tcpdump will sniff until you tell it not to. Using this flag will cause it to stop at a certain number of packets.
-i interface: "listen on this interface". If you want traffic from just one network interface, you want to use this option.
-a: "convert IPs to names if you can".
-w filename: "write this to a file". You must give a filename to write to.
-q: "don't be so verbose". Strips more protocol information.
tcpdump understands boolean operators (and, not, or, etc.) and can take hostnames, IPs, networks and protocols as arguments. The output is terse and hard to understand if you don't know what you're looking at or for; for this reason many folks prefer friendlier front-ends, such as Ethereal.
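
As an added example (not part of the original wiki page), the shell functions below build tcpdump command lines that combine the options above with a boolean filter. The interface em0, the 192.0.2.x addresses, the file name, SSH on port 22 and the -r read-back flag are assumptions for illustration.

```shell
#!/bin/sh
# Added example: compose tcpdump invocations from the options and boolean
# operators described above. All names and addresses are constructed samples.

# join_terms OP TERM... : join filter terms with a boolean operator (and/or),
# parenthesising each term so mixed and/or precedence stays explicit.
join_terms() {
    op=$1; shift
    out=""
    for term in "$@"; do
        if [ -z "$out" ]; then out="($term)"; else out="$out $op ($term)"; fi
    done
    printf '%s' "$out"
}

# exclude_ssh FILTER : wrap a filter so your own SSH session is left out.
# Assumes SSH runs on port 22; without this, sniffing over SSH captures
# the packets that carry tcpdump's own output.
exclude_ssh() {
    printf '(%s) and not (tcp port 22)' "$1"
}

# capture_cmd IFACE COUNT FILE FILTER : print the command that captures
# COUNT packets on IFACE into FILE (-i, -c, -w) using FILTER.
capture_cmd() {
    printf "tcpdump -i %s -c %s -w %s '%s'" "$1" "$2" "$3" "$4"
}

# read_cmd FILE : print the command that replays a saved capture tersely.
# -r (read from file) is not listed above; it is the counterpart of -w.
read_cmd() {
    printf 'tcpdump -q -r %s' "$1"
}

# Constructed sample: DNS or web traffic to/from one host, minus SSH.
services=$(join_terms or "udp port 53" "tcp port 80")
filter=$(exclude_ssh "host 192.0.2.10 and ($services)")
capture_cmd em0 100 /tmp/sample.pcap "$filter"; echo
read_cmd /tmp/sample.pcap; echo
```

The script only prints the two commands; capturing on an interface normally requires root.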