
Monitoring network traffic with tcpdump

The following procedure demonstrates how to use tcpdump to sniff and log packets going in and out of a machine's network interfaces.


1. Identify the network interfaces available.

user@host: $ tcpdump --list-interfaces

1.wlp6s0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.enp5s0 [Up]

2. Start tcpdump listening on a network interface and redirect its output to a file for review later.

2.1. Capture traffic to and from a target TCP port, such as 80 (HTTP), regardless of host.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv tcp port 80 > mytcpdumpout.txt 2>&1

2.2. Capture traffic to and from a target host, regardless of port.

user@host: $ sudo tcpdump -A -i any -l -s 0 -vvv host nameOfMachine > mytcpdumpout.txt 2>&1

2.3. The flags used to adjust the behavior of tcpdump are as follows.

[ -A ] prints each packet in ASCII (minus its data link layer header) so payloads such as HTTP are readable.
[ -i any ] captures packets from every network interface.
[ -l ] line-buffers the output, so each line reaches the file as soon as it is captured instead of waiting for a full buffer (useful when following the file with tail -f).
[ -s 0 ] sets the snapshot length to the default (262144 bytes) so whole packets are captured rather than truncated.
[ -vvv ] produces very, very verbose output.

3. Open another terminal and follow the output file with tail.

user@host: $ tail -f mytcpdumpout.txt

4. End the tcpdump capture by pressing Ctrl-C in the listening terminal.
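As an added example (not part of the original post), the procedure above wrapped in two small POSIX sh helpers: one parses the step 1 interface listing to pick interfaces worth capturing on, the other builds the step 2 command line from an interface, an optional host and an optional port, so a host-and-port filter (a combination the post does not show) is also covered. The interface listing is a constructed copy of the one shown in step 1; tcpdump itself is never executed here, the command is only printed.

```shell
#!/bin/sh
# Added example, not the original post's code. Nothing below runs tcpdump;
# the helpers only parse its interface listing and compose its command line.

# Constructed sample of `tcpdump --list-interfaces` output, copied from step 1.
SAMPLE_IFACES='1.wlp6s0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.enp5s0 [Up]'

# Print the names of interfaces that are both Up and Running, skipping the
# loopback and the "any" pseudo-device. Reads the listing on stdin.
live_interfaces() {
    awk '
        /\[.*Up.*Running/ && !/Loopback/ {
            name = $1
            sub(/^[0-9]+\./, "", name)   # strip the leading "1." index
            if (name != "any") print name
        }'
}

# Compose the step 2 command line.
# $1 = interface, $2 = host (may be empty), $3 = TCP port (may be empty),
# $4 = output file. Host and port together become "host H and tcp port P".
capture_cmd() {
    iface=$1; host=$2; port=$3; out=$4
    filter=""
    [ -n "$host" ] && filter="host $host"
    if [ -n "$port" ]; then
        [ -n "$filter" ] && filter="$filter and"
        filter="${filter:+$filter }tcp port $port"
    fi
    # -A ASCII payload, -l line-buffered so `tail -f` sees lines promptly,
    # -s 0 full snapshot length, -vvv maximum verbosity; stderr merged into
    # the same file, exactly as in the post.
    cmd="sudo tcpdump -A -i $iface -l -s 0 -vvv"
    [ -n "$filter" ] && cmd="$cmd $filter"
    printf '%s > %s 2>&1\n' "$cmd" "$out"
}

# Usage: printf '%s\n' "$SAMPLE_IFACES" | live_interfaces
#        capture_cmd any '' 80 mytcpdumpout.txt
```

Pipe the real `tcpdump --list-interfaces` output into live_interfaces instead of the sample to get the live list, and run the printed command with `eval` or by pasting it.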