www.broadbandreports.com
  
Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsJobsNewsFAQsForumsToolsMapsAbout 
   All FAQsSite FAQDSL FAQCable TechAbout DSLDistanceCLECSDSL Hurdles»»






how-to block ads



Search for: in all FAQs

All FAQs » TCPDUMP » 5. Some simple scripts

FAQ RevisionsEditors: KeysCapt See Profile, state See Profile
Last modified on 2006-10-14 23:50:16
view: single page · printable

5. Some simple scripts

·** Note about these examples and TCPDUMP **
·How can I show ALL traffic on a specified interface?
·How can I capture a specified number of packets?
·How do I show the MAC address in the capture?
·How can I look for the Welchia Worm with TCPDUMP?
·How can I use TCPDUMP to determine the top talker on my network?

** Note about these examples and TCPDUMP ** (#8445)
Here are a couple of things to keep in mind about TCPDUMP and these examples.

1. I am not using the full path to TCPDUMP, which is usually located in `/usr/sbin/tcpdump'.

2. TCPDUMP required ROOT ACCESS or the program must have suid of root.

3. My public interface is `eth0', which is the interface that my examples use. If you wish to listen somewhere else, just replace it. To determine which interface you wish to use, first figure out what you want to see, then run `/sbin/ifconfig' and see what IP is assigned to what interface.

4. Running TCPDUMP in a work environment may not be acceptable. Check with the networking folks before you fire it off, and start reading other users' data.

show feedback form

How can I show ALL traffic on a specified interface? (#8443)
tcpdump -i eth0

Will show ALL traffic on interface eth0.

show feedback form

How can I capture a specified number of packets? (#8444)
The -c argument specifies the number of packets to capture. For example, this command will capture 20 packets on the specified interface eth0 and quit:



show feedback form

How do I show the MAC address in the capture? (#8446)
tcpdump -e -i eth0

This filter will display the MAC address as well as the basic information.

show feedback form

How can I look for the Welchia Worm with TCPDUMP? (#8447)
tcpdump -tnn -i eth0 "icmp[icmptype]==icmp-echo && icmp[8]==0xAA && icmp[9]==0xAA && icmp[10]==0xAA && icmp[11]==0xAA"

Sure can. Try this script. Keep in mind that your sniffer will need to be located where it can see all traffic on your network for this to be useful.

show feedback form

How can I use TCPDUMP to determine the top talker on my network? (#8448)

Depending on how busy your network is, you might want to lower the `-c 20000' (packet count) to fit your needs. This script will capture 20,000 packets and sort by top talkers.


show feedback form

Saturday, 05-Jul
18:00:11 		Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
8th year online! © 1999-2008 dslreports.com.republican-creole