Monitoring network traffic with tcpdump

The following procedure demonstrates how to use tcpdump to sniff and log packets going in and out of a machine's network interfaces.

1. Identify the network interfaces available.

user@host: $ tcpdump --list-interfaces

1.wlp6s0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.enp5s0 [Up]

2. Set the sniffing tool to listen on a network interface for packets and send the output to a file for easy review later.

2.1. To and from a target port, such as HTTP, regardless of host.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv tcp port 80 > mytcpdumpout.txt 2>&1

2.2. To and from a target host, regardless of port.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv host nameOfMachine > mytcpdumpout.txt 2>&1

2.3. The flags used to adjust the behavior of tcpdump are as follows.

[ -A ] prints each packet's contents in ASCII, which makes text-based protocols readable; link-layer headers are not printed.
[ -i any ] captures packets from every network interface.
[ -l ] line-buffers the output, so each line is written to the file as soon as it is complete instead of waiting for a full buffer; this is what lets step 3 follow the file with tail -f.
[ -s 0 ] sets the snapshot length to the default maximum (262144 bytes), so packets are captured in full rather than truncated.
[ -vvv ] produces very, very verbose output.

3. Open another terminal and follow the output on the file using tail.

user@host: $ tail -f mytcpdumpout.txt

4. End the tcpdump capture by pressing Ctrl-C on the listening terminal.
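The steps above wrapped in a small POSIX shell helper, added here as an example and not code from the original page: running_ifaces parses the interface list from step 1 (embedded as a constructed sample), and capture_cmd builds the step 2 command line while checking the port or host value before it is spliced into a command that runs under sudo. The function names and the output-file argument are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original page: helpers wrapping the procedure
# above. running_ifaces parses the interface list from step 1; capture_cmd
# builds the tcpdump command from step 2 and validates the filter value before
# it is spliced into a command that will run under sudo.
set -eu

# Constructed sample of `tcpdump --list-interfaces` output (copied from step 1).
SAMPLE_IFACES='1.wlp6s0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.enp5s0 [Up]'

# Print names of real interfaces that are Up and Running, skipping loopback
# and the "any" pseudo-device. Reads the interface list on stdin.
running_ifaces() {
  awk '/\[Up, Running\]/ && !/Loopback/ && !/Pseudo-device/ {
         sub(/^[0-9]+\./, "", $1); print $1 }'
}

# Build the step 2 command line for one of two filter kinds:
#   capture_cmd port 80             -> tcp port 80        (step 2.1)
#   capture_cmd host nameOfMachine  -> host nameOfMachine (step 2.2)
# Optional third argument: output file (default mytcpdumpout.txt).
capture_cmd() {
  kind="$1"; value="$2"; out="${3:-mytcpdumpout.txt}"
  case "$kind" in
    port)
      # digits only, then a range check
      case "$value" in ''|*[!0-9]*) echo "invalid port: $value" >&2; return 1;; esac
      [ "$value" -ge 1 ] && [ "$value" -le 65535 ] \
        || { echo "invalid port: $value" >&2; return 1; }
      filter="tcp port $value" ;;
    host)
      # hostname or dotted-IP characters only; rejects shell metacharacters
      printf '%s' "$value" | grep -Eq '^[A-Za-z0-9.-]{1,253}$' \
        || { echo "invalid host: $value" >&2; return 1; }
      filter="host $value" ;;
    *)
      echo "usage: capture_cmd port|host VALUE [OUTFILE]" >&2; return 1 ;;
  esac
  printf 'sudo tcpdump -A -i any -l -s 0 -vvv %s > %s 2>&1\n' "$filter" "$out"
}

# Stand-alone demo: list usable interfaces, then show the command to run.
printf '%s\n' "$SAMPLE_IFACES" | running_ifaces
capture_cmd port 80
```

The printed command is meant to be reviewed and then run by hand, as in step 2; the helper never executes tcpdump itself.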
