This gives you lots of nifty Cisco network information like VLAN tag, port and switch information.
When using tcpdump, specify -U option to prevent buffering.
Real gurus don't need fancy tools like iftop or jnettop.
Then hit ^C to stop, get the file by scp, and you can now use wireshark like this:
wireshark /tmp/sniff.pcap
If you have tshark on the remote host, you could use that:
wireshark -k -i <(ssh -l root <REMOTE HOST> tshark -w - not tcp port 22)
The last snippet comes from http://wiki.wireshark.org/CaptureSetup/Pipes
Default output-file is "liveh.txt". This uses only BRE, in case you're using an older version of sed(1) that doesn't have support for ERE added. With a modern sed(1), to reduce false positive matches, you might do something like: liveh(){ tcpdump -lnnAs512 -i ${1-} tcp |sed 's/.*GET /GET /;s/.*Host: /Host: /;s/.*POST /POST /;/GET |Host: |POST /!d;/[\"'"'"]/d;/\.\./d;w '"${2-liveh.txt}"'' >/dev/null ;} Anyway, it's easy to clean up the output file with sed(1) later.
This works just as well for SMTP. You could run this on your mail server to watch e-mail senders and recipients: tcpdump -l -s0 -w - tcp dst port 25 | strings | grep -i 'MAIL FROM\|RCPT TO'
View all memcache traffic
Outputs pseudo-random sounds to the speakers (stereo mode because of -c 2) when there is any kind of network activity.
Command line for Mac OS X
At some point you want to know what packets are flowing on your network. Use tcpdump for this. The man page is obtuse, to say the least, so here are some simple commands to get you started. -n means show IP numbers and don't try to translate them to names. -l means write a line as soon as it is ready. -i eth0 means trace the packets flowing through the first ethernet interface. src or dst w.x.y.z traces only packets going to or from IP address w.x.y.z. port 80 traces only packets for HTTP. proto udp traces only packets for UDP protocol. Once you are happy with each option combine them with 'and' 'or' 'not' to get the effects you want.
Sniffing traffic on port 80, only the first 1500 bytes
Capture only ping echo requests with tcpdump
It's certainly not nicely formatted SQL, but you can see the SQL in there...
Sometimes the question comes up: how do you get unbuffered tcpdump output into the next program in the pipe, i.e. when your OS forces you to wait for the buffer to fill before the next program sees any of the output? If you use -Uw- then you can't use -A (or -X or -XX) at the same time. When the question comes up, I've never seen anyone suggest this simple solution: chaining 2 tcpdump instances.
We can get useful statistics from tcpdump with this simple command. Thanks to "Babak Farrokhi" for teaching me this ;)
Trace and view network traffic. I made this far too complicated.. now fixed, thanks zolden.
Simple TCPDUMP grepping for common unsafe protocols (HTTP, POP3, SMTP, FTP)
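As an added example (not one of the commandlinefu entries above), a shell function that post-processes tcpdump -nn -l text and counts new connections (SYN-only flags) from each client to the cleartext ports this entry and the SMTP entry grep for. The input lines are constructed to match tcpdump's standard -nn line layout; no live capture is needed.

```shell
# Constructed sample of `tcpdump -nn -l` output (not a real capture).
SAMPLE='12:00:01.000001 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 192.0.2.10.80 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:01.000003 IP 10.0.0.5.51234 > 192.0.2.10.80: Flags [.], ack 3, win 64240, length 0
12:00:02.000001 IP 10.0.0.5.51235 > 192.0.2.10.80: Flags [S], seq 1, win 64240, length 0
12:00:03.000001 IP 10.0.0.5.51236 > 192.0.2.25.25: Flags [S], seq 1, win 64240, length 0
12:00:04.000001 IP 10.0.0.7.40000 > 192.0.2.30.110: Flags [S], seq 1, win 64240, length 0
12:00:05.000001 IP 10.0.0.7.40001 > 192.0.2.40.443: Flags [S], seq 1, win 64240, length 0
12:00:06.000001 IP 10.0.0.7.40002 > 192.0.2.50.53: UDP, length 40'

# cleartext_report: read tcpdump -nn -l text on stdin, print one line per
# "<protocol> <client ip> <count>" for new TCP connections (Flags [S]) to
# FTP/SMTP/HTTP/POP3. Replies (Flags [S.]), data packets and UDP are ignored.
cleartext_report() {
    awk '
        # Field layout: $1 time, $2 "IP", $3 src.port, $4 ">", $5 dst.port:, $6 "Flags", $7 "[S],"
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            dst = $5; sub(/:$/, "", dst)
            n = split(dst, p, ".")
            port = p[n]
            if      (port == "21")  name = "ftp"
            else if (port == "25")  name = "smtp"
            else if (port == "80")  name = "http"
            else if (port == "110") name = "pop3"
            else next
            src = $3; sub(/\.[0-9]+$/, "", src)   # drop the ephemeral source port
            count[name " " src]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort
}

printf '%s\n' "$SAMPLE" | cleartext_report
```

To use it live, feed it from the capture instead of the sample: tcpdump -nn -l -i eth0 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn' | cleartext_report.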