We all love tcpdump
:D So I found this tool useful while I was working on many things. Guess what? It is very useful when working with network related stuff :D but it's not easy to grasp. This is my list of commands and options I use.
Mac, Linux
In this text I use the en0, en1 naming convention from OSX; if you are a Linux user you should change it to eth0, eth1 w… check your network config using ifconfig. Basic knowledge required! =)
Tcpdump
Tcpdump is a tool that lets you dump network packets. This helps to debug networking issues, APIs, communication or other stuff.
Basic options
Tcpdump's basic options are
- -i ‘interface’ lets you specify which interface you will listen on
- -nS lets you see basic information about packets
- -v, -vv, -vvv verbose mode (more v's, more detail)
- -s 1514 lets you specify how much data from each packet is displayed. In this case you see the whole packet
- src, dst restrict a filter to a specific source or destination
- net, eg. net 192.168.0.1/24, listens to all traffic in some network.
- port, eg. port 3000, lets you listen on a port
First example, getting info
The first thing people often do is listen to everything that bounces off en1, like this:
This is obviously a bad idea; the only good thing about it is that it lets you see that “something is on”, so you will be able to say that this device is actually working.
Example two, targeting host!
If you want to see all traffic that goes to some host, which is something actually useful, you should add the host option.
This will let you see if there are any packets going to and from www.facebook.com.
Example three, give me stuff targeting some port!
Let's say you want to see what curl generates towards your own machine:
and in another shell just type
port is the most fun option because it lets you see just the stuff that you are interested in.
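Once a capture like the one above is running, the next job is making sense of the lines it prints. This is an added example, not code from the original post: a small Python parser for tcpdump's one-line IPv4 summaries as printed with -n (numeric addresses, no name lookups) and -S (absolute TCP sequence numbers), aggregated per flow so you can see who talked to which port and who opened each connection. The sample lines are constructed to look like a curl to port 3000 on the local machine; they are not a real capture.

```python
import re
from collections import defaultdict

# One-line IPv4 summary as tcpdump prints it with -n and -S. The "Flags [...]"
# group exists only for TCP; UDP lines say "UDP," instead. IPv6/ARP are skipped.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\.(?P<dport>\d+): "
    r"(?:Flags \[(?P<flags>[^\]]*)\]|(?P<udp>UDP)).*?length (?P<length>\d+)$"
)

def parse_line(line):
    """Return a dict for one tcpdump summary line, or None if it has another shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "src": d["src"], "sport": int(d["sport"]),
            "dst": d["dst"], "dport": int(d["dport"]),
            "proto": "UDP" if d["udp"] else "TCP",
            "flags": d["flags"] or "", "length": int(d["length"])}

def summarize(lines):
    """Packets and payload bytes per (proto, src, dst, dport), plus plain SYNs
    (SYN without ACK), which tell you who initiated each TCP connection."""
    flows = defaultdict(lambda: {"packets": 0, "bytes": 0, "syn": 0})
    for line in lines:
        p = parse_line(line)
        if p is None:          # ARP, IPv6, or -v continuation lines
            continue
        f = flows[(p["proto"], p["src"], p["dst"], p["dport"])]
        f["packets"] += 1
        f["bytes"] += p["length"]
        if p["proto"] == "TCP" and "S" in p["flags"] and "." not in p["flags"]:
            f["syn"] += 1
    return dict(flows)

# Constructed sample output (not a real capture): a curl to port 3000 on the
# local machine, one mDNS datagram, and one ARP line the parser must skip.
SAMPLE = [
    "12:00:01.000001 IP 192.168.0.10.54321 > 192.168.0.10.3000: Flags [S], seq 1000, win 65535, options [mss 16344], length 0",
    "12:00:01.000050 IP 192.168.0.10.3000 > 192.168.0.10.54321: Flags [S.], seq 7000, ack 1001, win 65535, length 0",
    "12:00:01.000090 IP 192.168.0.10.54321 > 192.168.0.10.3000: Flags [P.], seq 1001:1079, ack 7001, win 2058, length 78",
    "12:00:02.500000 IP 192.168.0.10.5353 > 224.0.0.251.5353: UDP, length 45",
    "12:00:03.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.10, length 28",
]

if __name__ == "__main__":
    for flow, stats in summarize(SAMPLE).items():
        print(flow, stats)
```

To run it against a live capture, pipe tcpdump's output in (for example `sudo tcpdump -i en1 -nS port 3000 -l | python3 parse.py`) and replace SAMPLE with `sys.stdin`; the -l flag makes tcpdump line-buffer its output so the pipe does not stall.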
Summary
Tcpdump is a useful tool and I hope this text will keep me from constantly forgetting its options.
Cheers!