Linux - Network monitor tcpdump, Tcpdump examples
Network monitor tcpdump
How can I monitor all my connections to ssh?How do I monitor all traffic except my ssh session?
tcpdump is the premier network analysis tool for analysing more on network traffic
# tcpdump -i eth1 -s 1500 port not 22-s Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
# tcpdump -i eth1 -s0 port not 22
You can skip additional ports too:
# tcpdump -i eth1 -s 1500 port not 22 and port not 53You can also use ip or hostname:
# tcpdump -i eth1 port not 22 and host abc.xyz.123.pqr
Monitor all packets on eth1 interface
# tcpdump -i eth1
Monitor all traffic on port 80 ( HTTP )
# tcpdump -i eth1 'port 80'
Monitor all traffic on port 25 ( SMTP )
# tcpdump -vv -x -X -s 1500 -i eth1 'port 25'
Monitor traffic of particular host
# tcpdump host 1.2.3.4
look for traffic based on IP address (also works with hostname if you're not using -n)
Find network traffic based on source and destination IP Address
# tcpdump src 1.2.3.4 # tcpdump dst 1.1.1.1
To capture only N number of packets
# tcpdump -c 2 -i eth0
capture the packets and write into a file
# tcpdump -w 08232010.pcap -i eth0
Capture packets with IP address
# tcpdump -n -i eth0
Monitor network traffic with proper readable timestamp
# tcpdump -n -tttt -i eth0
Monitor network traffic on particullar port
# tcpdump -i eth0 port 22
Capture all the packets other than arp and rarp
# tcpdump -i eth0 not arp and not rarp
To know more about tcpdump, read its man page
# man tcpdump
On linux servers tcpdump command plays an very importan role, where it is the most commonly used network analyzer. Tcpdump command plays the premier role on network analysis, It is most commonly used network analysis tool for analysing more on network traffic and packets.
The topic on Linux - Network monitor tcpdump is posted by - Math
Hope you have enjoyed, Linux - Network monitor tcpdumpThanks for your time