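## Capture on every interface for 30 seconds (run as root).
## -nn keeps hosts and ports numeric, -q selects the short one-line output.
## mktemp replaces the fixed /tmp/tcpdump: a predictable name in a
## world-writable directory can be pre-created or symlinked by another local
## user before root writes to it.
capture=$(mktemp)
timeout 30 tcpdump -nn -q -i any > "$capture"
## Print every "destination.port" (field 5) with its packet count, busiest first.
## NOTE: some tcpdump builds add interface/direction columns with -i any, which
## shifts the destination to a later field -- check one raw line first.
awk '{print $5}' "$capture" | sort | uniq -c | sort -nr | grep ":" | less
rm -f -- "$capture"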

Monitor all network interfaces (-i any)

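## Capture traffic to or from one host on eth0.3 for 30 seconds (run as root).
## -nn keeps addresses numeric, so the 192.168 filter below sees IPs rather than
## resolved names and tcpdump issues no DNS lookups of its own while capturing.
## mktemp replaces the fixed /tmp/tcpdump, which another local user could
## pre-create or symlink before root writes to it.
capture=$(mktemp)
timeout 30 tcpdump -nn -i eth0.3 host 192.168.98.29 > "$capture"
## Count each "destination.port" (field 5), dropping destinations in 192.168.x.x.
## The anchored, escaped pattern only excludes addresses that start with 192.168.
awk '$5 ~ /:/ && $5 !~ /^192\.168\./ {print $5}' "$capture" | sort -n | uniq -c | less
rm -f -- "$capture"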

Monitor traffic to or from a specific IP

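# The capture interface is selected with -i; "-eth3" is read as a bundle of
# unrelated single-letter options, not as an interface name.
# The partial address 192.168.1 is meant as the whole prefix;
# "net 192.168.1.0/24" is the unambiguous way to write that.
# "host A and host B" matches only packets exchanged between the two hosts;
# use "or" to see traffic involving either one.
[root@~]# tcpdump -i eth3 host 192.168.1
[root@~]# tcpdump -i eth3 host 192.168.1.3
[root@~]# tcpdump -i eth3 host 192.168.1.3 and host 192.168.2.3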

Capture packets for a network (address prefix) or for specific host IPs

# -n: no name resolution. -s 0: default maximum snapshot length, so packets
# are effectively not truncated. -X (hex plus ASCII) and -A (ASCII) are both given.
# Port 80 is cleartext HTTP, so the output includes any credentials, cookies and
# session tokens in transit -- treat saved output as sensitive data.
[root@~]# tcpdump -nXAs 0 port 80

Sniff port 80 with tcpdump and show every packet in full (no byte limit), including its ASCII content

# -A prints payloads as ASCII, -vvv is maximum verbosity, -s 500 keeps only the
# first 500 bytes of each packet (long request headers are cut off).
# Filter: TCP to destination port 80, IP total length (ip[2:2]) above 40 bytes,
# i.e. more than bare IP + TCP headers without options, and the PSH flag set.
# This selects pushed data segments sent to the server; it does not look at the
# payload, so POST and other request methods match as well as GET.
# NOTE(review): the trailing -f comes after the filter expression and is only
# parsed as an option where getopt permutes arguments -- confirm it is wanted.
[root@~]# tcpdump -A -i eth0 -vvv -s 500 'tcp port 80 and ip[2:2] > 40 and tcp[tcpflags] & tcp-push != 0 and dst port 80' -f

Show requested URLs by printing HTTP GET requests sent to port 80

# -w stores the raw packets in pcap format (binary, not text) in the current
# directory; read them back with -r. No -i is given, so tcpdump picks its
# default interface.
# The file holds packet payloads as captured, so keep it readable only by the
# people who need it and delete it when the analysis is done.
[root@~]# tcpdump -w tcpdump.log

Write tcpdump raw data to file 'tcpdump.log'

# -r reads packets from a saved capture file instead of a live interface.
# Without -n tcpdump still resolves the captured addresses through DNS while
# printing; add -nn to keep the analysis offline.
[root@~]# tcpdump -r tcpdump.log

Read tcpdump raw data from file 'tcpdump.log'

# -k NP (Apple's tcpdump) adds process name and PID metadata to each packet line.
# grep 12345 is a plain substring match, so a line with the same digits in a
# port or sequence number matches too -- check hits against the PID column.
# Output into a pipe is block-buffered; -l makes tcpdump line-buffered so
# matches appear as they happen.
[root@~]# tcpdump -n -k NP |grep 12345

Capture all network traffic related to PID 12345 (Mac OS X only)


