Monitoring network traffic with tcpdump
The following procedure demonstrates how to use tcpdump to sniff and log packets going in and out of a machine's network interfaces. ========== 1. Identify the network interfaces available. user@host: $ tcpdump --list-interfaces 1.wlp6s0 [Up, Running] 2.lo [Up, Running, Loopback] 3.any (Pseudo-device that captures on all interfaces) [Up, Running] 4.enp5s0 [Up] 2. Set the sniffing tool to listen on a network interface for packets and send the output to a file for easy review later. 2.1. To and from a target port, such as HTTP, regardless of host. user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv tcp port 80 > mytcpdumpout.txt 2>&1 2.2. To and from a target host, regardless of port. user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv host nameOfMachine > mytcpdumpout.txt 2>&1 2.3. The flags used to adjust the behavior of tcpdump are as follows. [ -A ] prints packets in ASCII format and make them readable, excluding data link layer headers. [ -i any ] captures packets