TcpDump

Usage of tcpdump:

For example, to capture SMTP traffic to or from a particular host and save the raw packets to a file for later analysis:

# tcpdump -w tcpdump.out -s 0 ip host 84.47.53.128 and tcp port 25

-w writes the raw packets (not decoded text) to tcpdump.out, and -s 0 sets the snaplen so that whole packets are saved; without it, older tcpdump versions default to 68 bytes, which keeps the headers but drops the SMTP payload. "ip host 84.47.53.128" matches packets in which that address is either the source or the destination, so the filter catches both directions of the conversation. Capturing from an interface needs root or the CAP_NET_RAW capability.

WireShark/Ethereal

Examine the captured file using tshark (the command-line Wireshark, formerly tethereal):

# tshark -r tcpdump.out

This prints one decoded summary line per packet. Add -V for full dissection of every packet, or -Y '<display filter>' to narrow the output with a Wireshark display filter (a different syntax from the tcpdump/BPF capture filter used above). Reading a file needs no privileges, so there is no reason to run this step as root.
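The two steps above (capture with -w and -s 0, then read the file back) rest on the pcap file format and on what the BPF filter actually tests. The following is an added example, not code from this page, from tcpdump or from Wireshark: a pure-Python reader for classic pcap files that applies the same decision as 'ip host 84.47.53.128 and tcp port 25' and counts records truncated by the snaplen. The capture it reads is constructed in memory (the 192.0.2.10 and 198.51.100.7 addresses, ports and payloads are made up), and the zeroed MACs and checksums are an assumption a real dissector would not accept but this matcher never inspects.

```python
"""Pure-Python reader for the libpcap format that tcpdump -w writes, plus a
matcher equivalent to the BPF filter 'ip host HOST and tcp port PORT'.
Added example: not code from the original page, tcpdump or Wireshark; the
capture it parses is constructed in memory, not a real tcpdump.out."""
import socket
import struct
from typing import Iterator, List, NamedTuple

PCAP_MAGIC_LE = 0xA1B2C3D4      # microsecond timestamps, written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic seen through the other byte order
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6
IPPROTO_UDP = 17


class Record(NamedTuple):
    ts_sec: int
    ts_usec: int
    caplen: int      # bytes actually saved (bounded by the snaplen, i.e. -s)
    origlen: int     # bytes that were on the wire
    data: bytes


def parse_pcap(blob: bytes) -> Iterator[Record]:
    """Yield the packet records of a pcap image; byte order comes from the magic."""
    (magic,) = struct.unpack("<I", blob[:4])
    if magic == PCAP_MAGIC_LE:
        e = "<"
    elif magic == PCAP_MAGIC_BE:
        e = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    linktype = struct.unpack(e + "IHHiIII", blob[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, caplen, origlen = struct.unpack(e + "IIII", blob[off:off + 16])
        off += 16
        data = blob[off:off + caplen]
        if len(data) != caplen:
            raise ValueError("capture ends in the middle of a record")
        off += caplen
        yield Record(ts_sec, ts_usec, caplen, origlen, data)


def matches_host_tcp_port(frame: bytes, host: str, port: int) -> bool:
    """The decision 'ip host HOST and tcp port PORT' makes for one Ethernet frame."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return False
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl + 4 or ip[9] != IPPROTO_TCP:
        return False
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:   # BPF only checks the first fragment
        return False
    if host not in (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])):
        return False
    return port in struct.unpack("!HH", ip[ihl:ihl + 4])


def smtp_records(blob: bytes, host: str) -> List[Record]:
    return [r for r in parse_pcap(blob) if matches_host_tcp_port(r.data, host, 25)]


def truncated_records(blob: bytes) -> int:
    """Records that lost bytes to the snaplen: what -s 0 exists to prevent."""
    return sum(1 for r in parse_pcap(blob) if r.caplen < r.origlen)


# --- constructed capture: zero MACs and zero checksums, enough for the matcher ---
def build_frame(src, dst, proto, sport, dport, payload=b""):
    l4 = struct.pack("!HH", sport, dport) + bytes(16) + payload     # 20-byte header
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes(12) + struct.pack("!H", ETHERTYPE_IPV4) + ip + l4


def build_pcap(frames, snaplen=65535):
    """Write frames as tcpdump -w -s SNAPLEN would, truncating each to snaplen."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out.append(struct.pack("<IIII", 1_700_000_000 + i, 0, len(kept), len(frame)))
        out.append(kept)
    return b"".join(out)


HOST = "84.47.53.128"
FRAMES = [   # constructed traffic; 192.0.2.10 and 198.51.100.7 are made-up peers
    build_frame(HOST, "192.0.2.10", IPPROTO_TCP, 40000, 25, b"EHLO example\r\n"),
    build_frame("192.0.2.10", HOST, IPPROTO_TCP, 25, 40000, b"250 OK\r\n"),
    build_frame(HOST, "192.0.2.10", IPPROTO_TCP, 40001, 80, b"GET / HTTP/1.0\r\n"),
    build_frame("198.51.100.7", "192.0.2.10", IPPROTO_TCP, 40002, 25, b"EHLO other\r\n"),
    build_frame(HOST, "192.0.2.10", IPPROTO_UDP, 5353, 25),   # udp port 25 != tcp port
]
FULL_PCAP = build_pcap(FRAMES)                # what -s 0 gives you
SHORT_PCAP = build_pcap(FRAMES, snaplen=60)   # small old-style snaplen: headers survive, payload is cut
```

Point parse_pcap at the bytes of a real tcpdump.out (classic pcap, Ethernet link type) and the same functions apply. smtp_records(FULL_PCAP, HOST) returns the two EHLO/250 records and nothing else: the port-80 connection, the other host's SMTP session and the UDP packet to port 25 are all rejected, as tcpdump would reject them. truncated_records(SHORT_PCAP) shows why -s 0 is there: the filter still matches on the intact headers, but the SMTP payload is gone.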

Executables shipped with the Wireshark package (paths as installed here; many distributions put them under /usr/bin instead):

/usr/sbin/capinfos    - print summary information about a capture file
/usr/sbin/dftest      - test a display filter expression
/usr/sbin/dumpcap     - the capture engine used by wireshark and tshark
/usr/sbin/editcap     - edit, split and convert capture files
/usr/sbin/mergecap    - merge capture files
/usr/sbin/randpkt     - generate random packets
/usr/sbin/rawshark    - dissect raw packet data from a pipe or file
/usr/sbin/tethereal   - old name for tshark
/usr/sbin/text2pcap   - convert hex dumps to pcap
/usr/sbin/tshark      - command-line Wireshark

dumpcap is the only one of these that needs to touch the interface. Rather than running tshark or wireshark as root, give dumpcap alone the capture privilege (on Linux, setgid to a wireshark group with the CAP_NET_RAW and CAP_NET_ADMIN file capabilities) so that the protocol dissectors, which parse untrusted data, run unprivileged.

Resources

  • Simple usage of tcpdump: http://linux.byexamples.com/archives/283/simple-usage-of-tcpdump/
  • SANS IPv6 TCP/IP pocket guide: http://www.sans.org/security-resources/ipv6_tcpip_pocketguide.pdf
  • Wireshark: http://www.wireshark.org/
  • Using tcpdump and Wireshark: http://workaround.org/using-tcpdump-and-wireshark
  • tshark capture and filter examples: http://www.codealias.info/technotes/the_tshark_capture_and_filter_example_page