commandlinefu.com is the place to record those command-line gems that you return to again and again.
dsniff is a general-purpose password sniffer. It handles *lots* of different protocols, but it also handles tcp-style expressions for limiting analyzed traffic, so I can limit it to work on pop3 only.
The command is useful for monitoring the use of the boxes and their connection IP.
The result file "sniff" is readable with the GUI program "wireshark" or through the CLI with the command:
tcpdump -r "sniff" -XX
Then hit ^C to stop, get the file by scp, and you can now use wireshark like this:
If you have tshark on the remote host, you could use that:
wireshark -k -i <(ssh -l root <REMOTE HOST> tshark -w - not tcp port 22)
The last snippet comes from http://wiki.wireshark.org/CaptureSetup/Pipes