tcpdump: Monitoring and Traffic Analysis

tcpdump is a simple command that dumps the traffic seen on a network interface. However, you need a good understanding of TCP/IP to make use of it, because the filter expressions are written in terms of protocols, ports and header fields. For example, to display DNS traffic on interface eth1, enter:
# tcpdump -i eth1 'udp port 53'

To display traffic to a specific port (here 8686; `dst port` matches only packets whose destination port is 8686, so replies are not shown), enter:
# tcpdump -i eth1 dst port 8686

To display all IPv4 HTTP packets to and from port 80 that actually carry data, i.e. skip SYN and FIN packets and ACK-only packets, enter the following. The expression computes the TCP payload length: `ip[2:2]` is the IP total length, `(ip[0]&0xf)<<2` is the IP header length in bytes (IHL times 4), and `(tcp[12]&0xf0)>>2` is the TCP header length in bytes (data offset times 4); a packet is printed only when the remainder is non-zero:
# tcpdump 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
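The arithmetic in that filter is easy to get wrong, so here is an added example (not from the original post) that evaluates the same test in plain POSIX shell on constructed packets, without running tcpdump. The packets are hand-built hex strings (IPv4 header followed by TCP header, addresses and ports chosen arbitrarily); the byte offsets used are exactly the ones the filter reads: `ip[0]`, `ip[2:2]` and `tcp[12]`.

```shell
#!/bin/sh
# Added example: reproduce the payload-length test from the tcpdump filter
#   'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'
# on constructed IPv4/TCP packets given as hex strings (no spaces).

# Extract byte $2 (0-based) of hex packet $1 as a decimal number.
pkt_byte() {
    start=$(( $2 * 2 + 1 ))
    echo $(( 0x$(printf '%s' "$1" | cut -c"${start}"-"$((start + 1))") ))
}

# TCP payload length of an IPv4 packet, using the same fields as the filter:
#   ip[2:2]            total length (big-endian 16-bit)
#   (ip[0]&0xf)<<2     IP header length in bytes
#   (tcp[12]&0xf0)>>2  TCP header length in bytes (tcp[12] sits at ip header + 12)
tcp_payload_len() {
    ip0=$(pkt_byte "$1" 0)
    iplen=$(( $(pkt_byte "$1" 2) * 256 + $(pkt_byte "$1" 3) ))
    ihl=$(( (ip0 & 0xf) << 2 ))
    tcp12=$(pkt_byte "$1" $(( ihl + 12 )))
    thl=$(( (tcp12 & 0xf0) >> 2 ))
    echo $(( iplen - ihl - thl ))
}

# Same decision the filter makes: "data" when the payload length is != 0.
classify() {
    if [ "$(tcp_payload_len "$1")" -ne 0 ]; then echo data; else echo no-data; fi
}

# Constructed packets (192.168.1.2:1234 -> 192.168.1.3:80, checksums left zero).
# 1) SYN, IHL=5, total length 40, TCP data offset 5: no payload.
SYN_PKT='450000280001000040060000c0a80102c0a80103'
SYN_PKT="${SYN_PKT}04d2005000000000000000005002200000000000"
# 2) PSH+ACK, total length 45, carrying the 5-byte payload "HELLO".
DATA_PKT='4500002d0001000040060000c0a80102c0a80103'
DATA_PKT="${DATA_PKT}04d200500000000100000001501820000000000048454c4c4f"
# 3) SYN with a 4-byte IP option (IHL=6) and 12 bytes of TCP options
#    (data offset 8): total length 56 but still no payload. A naive
#    "total length - 40" check would wrongly report 16 bytes of data here.
OPT_PKT='460000380001000040060000c0a80102c0a8010301010100'
OPT_PKT="${OPT_PKT}04d2005000000000000000008002200000000000020405b40101040201030306"

for p in "$SYN_PKT" "$DATA_PKT" "$OPT_PKT"; do
    printf 'payload=%s -> %s\n' "$(tcp_payload_len "$p")" "$(classify "$p")"
done
```

Running the script prints `payload=0 -> no-data`, `payload=5 -> data` and `payload=0 -> no-data`: only the second packet would be shown by the tcpdump filter, and the third shows why the header lengths must be read from the packet rather than assumed to be 20 bytes each.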

To display all FTP sessions (control port 21 and data port 20) to a given destination host, enter the following. Note that `dst` must be followed by the host address; it is missing from the expression as shown here, and tcpdump will reject the expression until it is supplied:
# tcpdump -i eth1 'dst and (port 21 or 20)'

To display all HTTP sessions to a given destination host, enter the following. `-n` stops name resolution, and `port http` is looked up in /etc/services (port 80). As above, `dst` needs a host address, which is missing from the expression shown:
# tcpdump -ni eth0 'dst and tcp and port http'

To capture full packets to a file for detailed inspection in Wireshark, enter the following. `-s 0` captures the whole packet instead of truncating it, and `-w` writes raw pcap data (not text), so give the file a .pcap extension and open it with Wireshark or read it back with `tcpdump -r output.pcap`; `src or dst port 80` is equivalent to plain `port 80`:
# tcpdump -n -i eth1 -s 0 -w output.pcap src or dst port 80
