Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All FAQsSite FAQDSL FAQCable TechAbout DSLDistanceCLECSDSL Hurdles»»






how-to block ads



Search for: in all FAQs

All FAQs » TCPDUMP » 5. Some simple scripts

FAQ RevisionsEditors: KeysCapt See Profile, state See Profile
Last modified on 2006-10-14 23:50:16
view: single page · printable

5. Some simple scripts

·** Note about these examples and TCPDUMP **
·How can I show ALL traffic on a specified interface?
·How can I capture a specified number of packets?
·How do I show the MAC address in the capture?
·How can I look for the Welchia Worm with TCPDUMP?
·How can I use TCPDUMP to determine the top talker on my network?

** Note about these examples and TCPDUMP ** (#8445)
Here are a couple of things to keep in mind about TCPDUMP and these examples.

1. I am not using the full path to TCPDUMP, which is usually located in `/usr/sbin/tcpdump'.

2. TCPDUMP required ROOT ACCESS or the program must have suid of root.

3. My public interface is `eth0', which is the interface that my examples use. If you wish to listen somewhere else, just replace it. To determine which interface you wish to use, first figure out what you want to see, then run `/sbin/ifconfig' and see what IP is assigned to what interface.

4. Running TCPDUMP in a work environment may not be acceptable. Check with the networking folks before you fire it off, and start reading other users' data.

feedback form

by state See Profile
last modified: 2003-11-26 00:24:50

How can I show ALL traffic on a specified interface? (#8443)
tcpdump -i eth0

Will show ALL traffic on interface eth0.

feedback form

by state See Profile
last modified: 2003-11-26 00:40:26

How can I capture a specified number of packets? (#8444)
The -c argument specifies the number of packets to capture. For example, this command will capture 20 packets on the specified interface eth0 and quit:



feedback form

by state See Profile
last modified: 2006-10-10 00:46:16

How do I show the MAC address in the capture? (#8446)
tcpdump -e -i eth0

This filter will display the MAC address as well as the basic information.

feedback form

by state See Profile

How can I look for the Welchia Worm with TCPDUMP? (#8447)
tcpdump -tnn -i eth0 "icmp[icmptype]==icmp-echo && icmp[8]==0xAA && icmp[9]==0xAA && icmp[10]==0xAA && icmp[11]==0xAA"

Sure can. Try this script. Keep in mind that your sniffer will need to be located where it can see all traffic on your network for this to be useful.

feedback form

by state See Profile

How can I use TCPDUMP to determine the top talker on my network? (#8448)

Depending on how busy your network is, you might want to lower the `-c 20000' (packet count) to fit your needs. This script will capture 20,000 packets and sort by top talkers.


feedback form

by state See Profile
last modified: 2006-10-14 23:50:16


Sunday, 29-Nov 06:48:21 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.