then open with wireshark
NOTE: When opening the files you might need to strip the very top line with notepad++ as its a mistake header This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh forge.remotehost.com -c arcfour,blowfish-cbc -C -p 50005 "cat - | gzip > /tmp/eth0.pcap.gz" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/eth0-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output
capture 2000 packets and print the top 10 talkers
You don't need this command often and there are other ways to test output but if you want to be sure if your router and ethernet card are working this is one way. Show Sample Output
The command is useful for monitoring the use of the boxes and their connection IP. Result file "sniff" is readable with GUI program "wireshark" or through CLI with the command: tcpdump -f "sniff" -XX Show Sample Output
The tcpdump arguments are just an example.
analyze traffic remotely over ssh w/ wireshark When using tcpdump, specify -U option to prevent buffering and -iany to see all interfaces. Show Sample Output
Sometimes it is useful to have just a general picture of "what is taking all the bandwidth here". Running this command will limit tcpdump to a few packets (instead of flooding your terminal endlessly) and will provide a small, but sometimes sufficient, sample to determine what is going on. Useful to quickly diagnose DOS attacks.
Where src or dst is the host that you want to view the HTTP header.
This is useful when the local machine where you need to do the packet capture with tcpdump doesn?t have enough room to save the file, where as your remote host does tcpdump -i eth0 -w - | ssh savelocation.com -c arcfour,blowfish-cbc -C -p 50005 "cat - > /tmp/eth0.pcap" Your @ PC1 doing a tcpdump of PC1s eth0 interface and its going to save the output @ PC2 who is called save.location.com to a file /tmp/ppp1-to-me.pcap.gz again on PC2 More info @: http://www.kossboss.com/linuxtcpdump1 Show Sample Output
Human readable representation of the headers of an ICAP request, using tcpdump Show Sample Output
capture trafic for wireshark from spesific eth interface Show Sample Output
tcpdump into file with date format for wireshark Show Sample Output
This is a better way to do the "src X or dst X" filter; plus you might not want to bother with DNS lookups (-n).
commandlinefu.com is the place to record those command-line gems that you return to again and again. That way others can gain from your CLI wisdom and you from theirs too. All commands can be commented on, discussed and voted up or down.
Every new command is wrapped in a tweet and posted to Twitter. Following the stream is a great way of staying abreast of the latest commands. For the more discerning, there are Twitter accounts for commands that get a minimum of 3 and 10 votes - that way only the great commands get tweeted.
» http://twitter.com/commandlinefu
» http://twitter.com/commandlinefu3
» http://twitter.com/commandlinefu10
Use your favourite RSS aggregator to stay in touch with the latest commands. There are feeds mirroring the 3 Twitter streams as well as for virtually every other subset (users, tags, functions,…):
Subscribe to the feed for: