## Run 30 sec to monitor all ethernet timeout 30 tcpdump -n -nn -q -i any > /tmp/tcpdump ## then print out all "destiation" & "port" with count number cat /tmp/tcpdump |awk '{print $5}' |sort -n |uniq -c |sort -nr | grep ":" |less

To monitor any for all ethernet

## Run 30 sec to monitor specific IP timeout 30 tcpdump -i eth0.3 host > /tmp/tcpdump ## then print out all "destiation" & "port" (without 192.168) cat /tmp/tcpdump |awk '{print $5}' |sort -n |uniq -c |grep ":" |grep -v 192.168 |less

To monitor specific IP

[root@~]# tcpdump host 192.168.1 -eth3
[root@~]# tcpdump host -eth3
[root@~]# tcpdump host and host -eth3

tcpdump package for host (net) or specific host ip

[root@~]# tcpdump -nXAs 0 port 80

tcpdump and sniffer in port 80 to show all packet without byte limit in ascii content

[root@~]# tcpdump -A -i eth0 -vvv -s 500 'tcp port 80 and ip[2:2] > 40 and tcp[tcpflags] & tcp-push != 0 and dst port 80' -f

show URL by getHTTP GET requests via port 80

[root@~]# tcpdump -w tcpdump.log

Write tcpdump raw data to file 'tcpdump.log'

[root@~]# tcpdump -r tcpdump.log

Read tcpdump raw data to file 'tcpdump.log'

[root@~]# tcpdump -n -k NP |grep 12345

Capture all network related to PID 12345 (MAC OSX only)

Server is hosted by Alanstudio
Linux Operating System

Recommend screen resolution 1024 x 768 / IE / FireFox
Alan Studio © 2007 by Alan Cheung Hin Lun. All rights reserved.