tcpdump is often a very helpful tool for analysing incoming and outgoing traffic on servers, and it is already installed on many of our customers' systems. Some basic usage examples are given below:
- tcpdump -vvv -i any -s 0 -w /tmp/dump.cap host 91.202.39.1 //captures all incoming and outgoing packets from/to host 91.202.39.1
- tcpdump -vvv -i any -s 0 -w /tmp/dump.cap host 91.202.39.1 and port 8080 //captures all incoming and outgoing packets from/to host 91.202.39.1 that involve port 8080 (as source or destination port)
- tcpdump -vvv -i any -s 0 -w /tmp/dump.cap dst host 91.202.39.1 //captures all outgoing packets to destination host 91.202.39.1
- tcpdump -vvv -i any -s 0 -w /tmp/dump.cap src host 91.202.39.1 //captures all incoming packets from source host 91.202.39.1
- tcpdump -vvv -i eth0 -s 0 -w /tmp/dump.cap host 91.202.39.1 and port 8080 //captures all incoming and outgoing packets from/to host 91.202.39.1 that involve port 8080, on the eth0 interface only
- The -i parameter selects the interface (any = all interfaces). The -vvv parameter gives the most verbose protocol decode. The -s 0 parameter captures whole packets instead of truncating them. The -w parameter saves the raw packets to a file instead of printing them.
- The output file can be copied to a local PC and examined with the Wireshark tool.
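As an added example (not part of the original notes), the small POSIX shell helper below assembles a capture command in the style of the lines above, validating the host and port before they are placed in the BPF filter and adding output-file rotation so an unattended capture cannot fill the disk; the "tcpdump" user passed to -Z is assumed to exist on the server.

```shell
#!/bin/sh
# Added helper (not part of the original notes): builds a tcpdump command
# in the style of the examples above after validating the host and port
# that go into the BPF filter, and rotates the capture file.
# Usage: build_capture_cmd IFACE DIRECTION HOST [PORT]
#   DIRECTION: any (to and from HOST), src (from HOST), dst (to HOST)

is_ipv4() {
    # Dotted quad, each octet 0-255.
    case "$1" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    rest=$1. n=0
    while [ -n "$rest" ]; do
        oct=${rest%%.*}; rest=${rest#*.}
        [ -n "$oct" ] && [ "$oct" -le 255 ] || return 1
        n=$((n + 1))
    done
    [ "$n" -eq 4 ] || return 1
}

is_port() {
    # Numeric and within 1-65535.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ] || return 1
}

build_capture_cmd() {
    iface=$1 dir=$2 host=$3 port=${4:-}
    is_ipv4 "$host" || { echo "invalid IPv4 host: $host" >&2; return 1; }
    case "$dir" in
        any) filter="host $host" ;;
        src|dst) filter="$dir host $host" ;;
        *) echo "direction must be any, src or dst: $dir" >&2; return 1 ;;
    esac
    if [ -n "$port" ]; then
        is_port "$port" || { echo "invalid port: $port" >&2; return 1; }
        filter="$filter and port $port"
    fi
    # -s 0: whole packets; -C 100 -W 10: rotate the output every 100 MB and
    # keep at most 10 files; -Z tcpdump: drop root privileges to the "tcpdump"
    # user (assumed to exist) once the interface is open. All are tcpdump flags.
    printf 'tcpdump -vvv -i %s -s 0 -C 100 -W 10 -Z tcpdump -w /tmp/dump.cap %s\n' \
        "$iface" "$filter"
}

# Print the command without running it (capturing itself needs root).
build_capture_cmd eth0 src 91.202.39.1 8080
```

Review the printed command and run it with sudo on the server; it rejects malformed hosts, ports and directions instead of passing them to tcpdump.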