Web Hosting Talk

HOWTO - tcpdump


Doggy
01-30-2004, 01:57 PM
What is tcpdump?
Tcpdump prints out what traffic is going inbound/outbound including headers.
----------------------------------------------------------------------------
Why should I use tcpdump?
tcpdump is nice for monitoring your network.
----------------------------------------------------------------------------

Download

RedHat 9
wget ftp://rpmfind.net/linux/redhat/9/en/os/i386/RedHat/RPMS/tcpdump-3.7.2-1.i386.rpm

RedHat 8
wget ftp://rpmfind.net/linux/redhat/updates/8.0/en/os/i386/tcpdump-3.6.3-17.8.0.3.i386.rpm

----------------------------------------------------------------------------

Installation

RedHat 9
Previously installed rpm
rpm -Uvh tcpdump-3.7.2-1.i386.rpm

New installation
rpm -ivh tcpdump-3.7.2-1.i386.rpm

RedHat 8
Previously installed rpm
rpm -Uvh tcpdump-3.6.3-17.8.0.3.i386.rpm

New installation
rpm -ivh tcpdump-3.6.3-17.8.0.3.i386.rpm

----------------------------------------------------------------------------

Libpcap is required for tcpdump to operate, if you do not have it installed you can download it from the following links for your applicable Redhat version.

RedHat 9
ftp://rpmfind.net/linux/redhat/9/en/os/i386/RedHat/RPMS/libpcap-0.7.2-1.i386.rpm

RedHat 8
ftp://rpmfind.net/linux/redhat/updates/8.0/en/os/i386/libpcap-0.6.2-17.8.0.2.i386.rpm

----------------------------------------------------------------------------

tcpdump is ready to run ;)

To see what tcpdump does:

tcpdump -c 2

----------------------------------------------------------------------------

Now that you know the concept, you might want a GUI for it.
There we come to iptraf.
Download

RedHat 9
wget ftp://rpmfind.net/linux/redhat/9/en/os/i386/RedHat/RPMS/iptraf-2.7.0-6.i386.rpm

RedHat 8
wget ftp://rpmfind.net/linux/redhat/8.0/en/os/i386/RedHat/RPMS/iptraf-2.7.0-3.i386.rpm

Installation via rpm -ivh

AP2k2
02-03-2004, 02:40 AM
I installed iptraf; what command do I use after it?

Doggy
02-03-2004, 03:49 PM
More info on:
tcpdump (http://www.tcpdump.org/)
iptraf (http://cebu.mozcom.com/riker/iptraf)

Enjoy your new monitor tools.

Akash
02-18-2004, 02:10 PM
Can the RH9 rpm be used for RHEL?

Doggy
02-18-2004, 05:50 PM
Hello,

Yes it can.

Best Regards,

Rui

Doggy
02-27-2004, 03:27 PM
Why don't you add my HOW TO to "Technical and ..."

genxweb
12-09-2004, 03:49 PM
Hmm, looks like a generic install doc. Here are some quick commands to help you guys do some troubleshooting.

Remember you can pipe the output too.

Say I want to see traffic coming in for only one port; I can do

tcpdump -i eth_name port 22

If I want to do a dump for icmp I could do

tcpdump -i eth_name | grep icmp

The best way to use it for troubleshooting is to log in to the box twice on separate boxes, if you don't have dual screens, and watch the traffic coming and going to verify the traffic is flowing on your box. I use this a lot while troubleshooting firewalls or VPN connections.

AtlantaWebhost.com
01-02-2005, 03:31 PM
You can also have tcpdump log packets into a pcap (packet capture) file, which can be viewed with Ethereal, which is basically a GUI version of tcpdump with some nice reports. The tcpdump package also comes with tcpreplay, which is very useful for running captured packets back through a network interface.

Frank
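To tie genxweb's "port 22" and "icmp" filters together with Frank's point about pcap files, here is an added example (not from this thread or from the tcpdump project) that builds a small, constructed Ethernet/IPv4 capture in memory in the same libpcap file layout that `tcpdump -w file.pcap` writes, reads it back, and applies those two filters in Python. It assumes an Ethernet link type and only decodes IPv4 with TCP or ICMP on top; all addresses, MACs and timestamps are made up. The snaplen is set deliberately small so that one packet loses its TCP header, which is the same thing that happens on a real capture when the snapshot length is too short for the headers you want to see.

```python
"""Minimal reader for the libpcap file format that `tcpdump -w file.pcap` produces.
Added example: constructed sample capture, parsed and filtered like `port 22` / `icmp`."""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution pcap magic number
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETHERTYPE_ARP = 0x0806
IPPROTO_ICMP = 1
IPPROTO_TCP = 6
MAC_CLIENT = bytes.fromhex("020000000001")   # constructed, locally administered MACs
MAC_SERVER = bytes.fromhex("020000000002")


def ipv4_frame(src_ip, dst_ip, proto, payload, options=b""):
    """Ethernet + IPv4 header around payload. Checksums stay zero: tcpdump does not need
    them to print a packet and the parser below never validates them."""
    ihl = 5 + len(options) // 4                 # IPv4 header length in 32-bit words
    ip_hdr = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + len(payload), 0, 0,
                         64, proto, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return MAC_SERVER + MAC_CLIENT + struct.pack("!H", ETHERTYPE_IPV4) + ip_hdr + options + payload


def tcp_segment(sport, dport, payload=b""):
    # seq 1, ack 1, data offset 5 words, flags PSH|ACK, window 8192, checksum 0, urgent 0
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload


def icmp_echo(icmp_type):
    return struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1)   # type, code, csum, id, seq


def write_pcap(frames, snaplen=65535):
    """Serialise frames as tcpdump -w does: 24-byte global header, then a 16-byte record
    header per frame. Frames longer than snaplen are stored cut, orig_len keeps the real size."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        out.append(struct.pack("<IIII", 1_075_000_000 + i, 0, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)


def read_pcap(data):
    """Yield (orig_len, frame_bytes) per record; accepts either byte order of the header."""
    if len(data) < 24:
        raise ValueError("not a pcap file: short global header")
    magic = struct.unpack("<I", data[:4])[0]
    endian = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("unknown pcap magic 0x%08x" % magic)
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (link type 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("file ends inside record at offset %d" % (off - 16))
        off += incl_len
        yield orig_len, frame


def decode_frame(frame):
    """Extract the fields tcpdump's `port N` and `icmp` primitives test. Returns None for
    non-IPv4 frames; 'truncated' stays True if the transport header was cut by snaplen."""
    if len(frame) < 14 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    pkt = {"proto": None, "src": None, "dst": None, "sport": None, "dport": None,
           "tcp_flags": None, "icmp_type": None, "truncated": True}
    if len(frame) < 34:
        return pkt
    ihl = (frame[14] & 0x0F) * 4                 # options make the header longer than 20
    pkt.update(proto=frame[23], src=socket.inet_ntoa(frame[26:30]), dst=socket.inet_ntoa(frame[30:34]))
    l4 = 14 + ihl
    if pkt["proto"] == IPPROTO_TCP and len(frame) >= l4 + 20:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
        pkt["tcp_flags"] = frame[l4 + 13] & 0x3F
        pkt["truncated"] = False
    elif pkt["proto"] == IPPROTO_ICMP and len(frame) >= l4 + 2:
        pkt["icmp_type"] = frame[l4]             # 8 = echo request, 0 = echo reply
        pkt["truncated"] = False
    elif pkt["proto"] not in (IPPROTO_TCP, IPPROTO_ICMP):
        pkt["truncated"] = False                 # nothing further is decoded for other protocols
    return pkt


def summarize(pcap_bytes, port=22):
    """Count what `tcpdump port <port>` and `tcpdump icmp` would show, and what a short
    snaplen hides from them."""
    counts = Counter()
    for orig_len, frame in read_pcap(pcap_bytes):
        counts["records"] += 1
        if orig_len > len(frame):
            counts["cut_by_snaplen"] += 1
        pkt = decode_frame(frame)
        if pkt is None:
            counts["non_ipv4"] += 1
            continue
        if pkt["truncated"]:
            counts["headers_missing"] += 1       # a `port` filter can no longer match this one
            continue
        if pkt["proto"] == IPPROTO_ICMP:
            counts["icmp"] += 1
        if port in (pkt["sport"], pkt["dport"]):
            counts["port %d" % port] += 1
    return dict(counts)


# Constructed sample traffic: an SSH exchange, one SSH packet carrying IP options, an HTTP
# request, a ping pair and an ARP frame. Snaplen 56 is tiny on purpose.
SAMPLE_FRAMES = [
    ipv4_frame("10.0.0.5", "10.0.0.1", IPPROTO_TCP, tcp_segment(40001, 22)),
    ipv4_frame("10.0.0.1", "10.0.0.5", IPPROTO_TCP, tcp_segment(22, 40001)),
    ipv4_frame("10.0.0.7", "10.0.0.1", IPPROTO_TCP, tcp_segment(40002, 22), options=bytes.fromhex("01010100")),
    ipv4_frame("10.0.0.5", "10.0.0.1", IPPROTO_TCP, tcp_segment(40003, 80, b"GET / HTTP/1.0\r\n\r\n")),
    ipv4_frame("10.0.0.5", "10.0.0.1", IPPROTO_ICMP, icmp_echo(8)),
    ipv4_frame("10.0.0.1", "10.0.0.5", IPPROTO_ICMP, icmp_echo(0)),
    MAC_SERVER + MAC_CLIENT + struct.pack("!H", ETHERTYPE_ARP) + bytes(28),
]
SAMPLE_PCAP = write_pcap(SAMPLE_FRAMES, snaplen=56)

if __name__ == "__main__":
    print(summarize(SAMPLE_PCAP))
    print(summarize(SAMPLE_PCAP, port=80))
```

The same `summarize()` works on a real file (`open("file.pcap", "rb").read()`) as long as it is an Ethernet capture in classic pcap format; the "headers_missing" counter is the one to watch after a capture taken with a small `-s` value, since those packets silently drop out of any `port` filter.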

ISPAndrewC
01-03-2005, 12:35 AM
An alternative to iptraf is iftop too: http://www.ex-parrot.com/~pdw/iftop/