Monday, January 17 2005 @ 04:59 PM EST Contributed by: glosser
Linux.com continues their CLI tutorial series with this article on tcpdump.
Don't worry, I'm not going to try to turn you into a network security analyst or administrator. But if you're interested in what's happening under the hood on your Internet connection, I'll be happy to introduce you to an old and respected command-line tool. Come on, pull that many-pixeled GUI quilt off of you and meet me at the CLI for a look at tcpdump.
Most distributions include tcpdump out of the box, and most require that you run it as root, because putting an interface into promiscuous mode and reading raw packets needs privileges an ordinary user doesn't have (on Linux, the CAP_NET_RAW capability, which root has). So as super user, simply enter tcpdump at the command line. It will take the default values (first non-loopback interface, all traffic, 96-byte capture size) and go, pumping out one line per packet as it is received. Here's what it looks like starting out on my desktop box:
# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:44:52.149255 IP xenon.oftc.net.6667 > 192.168.0.103.33091: P 3312142394:3312142472(78) ack 3550737549 win 5792
Unless you are used to looking at dumped TCP/IP packets, it doesn't exactly overwhelm you with usable information, does it? Let's take a look at some of the options for formatting the output that might make it a little more human-readable.
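Before reaching for tcpdump's formatting options, it helps to know what the default line actually contains. The following is an added example, not part of the Linux.com article: a small Python parser that splits a tcpdump summary line of the style shown above (timestamp, IP, source.port > destination.port, an old-style single-letter flag field, seq:end(len), ack, win) into named fields and checks that the sequence range matches the payload length. The regular expression only covers this older tcpdump output format; tcpdump 4.x prints the same information as "Flags [P.], seq ..., ack ..., win ..., length ...". The second sample line (a bare SYN) is constructed for the example and did not appear in the capture above.

```python
"""Parse tcpdump's one-line TCP summary into named fields.

Added example for this page; it is not code from the article or from
tcpdump itself. It handles the older tcpdump summary format shown above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Old-style tcpdump TCP flag letters; a lone "." means no flag is set.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH", ".": ""}

TCP_LINE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>[^\s:]+) > (?P<dst>[^\s:]+): "
    r"(?P<flags>[SFRP.]+)"
    r"(?: (?P<seq>\d+):(?P<seq_end>\d+)\((?P<length>\d+)\))?"
    r"(?: ack (?P<ack>\d+))?"
    r"(?: win (?P<win>\d+))?"
)


@dataclass
class TcpSummary:
    timestamp: str
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    flags: List[str]
    seq: Optional[int]
    seq_end: Optional[int]
    length: Optional[int]
    ack: Optional[int]
    win: Optional[int]


def split_endpoint(endpoint: str):
    """tcpdump joins host and port with a dot ('xenon.oftc.net.6667');
    the port is whatever follows the last dot."""
    host, port = endpoint.rsplit(".", 1)
    return host, int(port)


def _to_int(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_tcp_line(line: str) -> TcpSummary:
    """Turn one tcpdump TCP summary line into a TcpSummary, or raise ValueError."""
    m = TCP_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not a tcpdump TCP summary line: {line!r}")
    src_host, src_port = split_endpoint(m["src"])
    dst_host, dst_port = split_endpoint(m["dst"])
    flags = [FLAG_NAMES[c] for c in m["flags"] if FLAG_NAMES[c]]
    summary = TcpSummary(
        timestamp=m["ts"], src_host=src_host, src_port=src_port,
        dst_host=dst_host, dst_port=dst_port, flags=flags,
        seq=_to_int(m["seq"]), seq_end=_to_int(m["seq_end"]),
        length=_to_int(m["length"]), ack=_to_int(m["ack"]), win=_to_int(m["win"]),
    )
    # tcpdump prints seq:seq_end(len); the range must agree with the length.
    if summary.seq is not None and summary.seq_end - summary.seq != summary.length:
        raise ValueError("sequence range does not match payload length")
    return summary


def describe(summary: TcpSummary) -> str:
    """A plain-English rendering of the parsed line."""
    flags = ",".join(summary.flags) or "no flags"
    text = (f"{summary.src_host}:{summary.src_port} -> "
            f"{summary.dst_host}:{summary.dst_port} [{flags}]")
    if summary.length is not None:
        text += f" {summary.length} bytes of payload"
    if summary.ack is not None:
        text += f", acknowledging {summary.ack}"
    return text


# The line from the capture above, plus a constructed SYN for contrast.
SAMPLE_LINES = [
    "09:44:52.149255 IP xenon.oftc.net.6667 > 192.168.0.103.33091: "
    "P 3312142394:3312142472(78) ack 3550737549 win 5792",
    "09:44:51.000000 IP 192.168.0.103.33091 > xenon.oftc.net.6667: "
    "S 3550737548:3550737548(0) win 5840",  # constructed sample
]

if __name__ == "__main__":
    for raw in SAMPLE_LINES:
        print(describe(parse_tcp_line(raw)))
```

One thing the parsed fields make obvious: the sequence numbers here are absolute, because tcpdump prints absolute values for the first packet it sees of a connection and switches to relative numbers for the rest of that flow unless you ask for absolute ones. A script that compares seq and ack across lines has to account for that.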