Packet sniffing
From FreeBSDwiki
(Difference between revisions)
(placeholder) |
(→tcpdump) |
||
| Line 5: | Line 5: | ||
==tcpdump== | ==tcpdump== | ||
| − | The granddaddy of all packet sniffers, [[tcpdump]] will be found on just about any unix system you're likely to encounter. The output is terse and hard to understand if you don't know what you're looking at or for; for this reason many folks prefer friendlier front-ends to tcp, such as ethereal. | + | The granddaddy of all packet sniffers, [[tcpdump]] will be found on just about any unix system you're likely to encounter. |
| + | |||
| + | Common options: | ||
| + | -c ''number'' "sniff this many packets". By default, tcpdump will sniff until you tell it not to. Using this flag will cause it to stop at a certain number of packets | ||
| + | -i ''interface''"listen on this interface". If you want traffic from just one network interface, you want to use this option. | ||
| + | -a "convert IPs to names if you can" | ||
| + | -w ''filename'' "write this to a file". you must give a filename to write to. | ||
| + | -q "don't be so verbose" -- strips more protocol information | ||
| + | |||
| + | [[tcpdump]] understands boolean operators (and not or, etc) and can take hostnames, IPs, networks and protocols as arguments. The output is terse and hard to understand if you don't know what you're looking at or for; for this reason many folks prefer friendlier front-ends to tcp, such as ethereal. | ||
Revision as of 14:21, 5 December 2004
What it is
Packet sniffing is essentially eavesdropping on a network interface.
tcpdump
The granddaddy of all packet sniffers, tcpdump will be found on just about any unix system you're likely to encounter.
Common options:
-c number "sniff this many packets". By default, tcpdump will sniff until you tell it not to. Using this flag will cause it to stop at a certain number of packets -i interface"listen on this interface". If you want traffic from just one network interface, you want to use this option. -a "convert IPs to names if you can" -w filename "write this to a file". you must give a filename to write to. -q "don't be so verbose" -- strips more protocol information
tcpdump understands boolean operators (and not or, etc) and can take hostnames, IPs, networks and protocols as arguments. The output is terse and hard to understand if you don't know what you're looking at or for; for this reason many folks prefer friendlier front-ends to tcp, such as ethereal.
