Web Hosting Talk : Web Hosting Main Forums : Hosting Security and Technology : Hosting Security and Technology Tutorials : HOWTO - tcpdump

[Doggy]

What is tcpdump?
Tcpdump prints out what traffic is going inbound/outbound including headers.
----------------------------------------------------------------------------
Why should i usage tcpdump?
tcpdump is nice to monitor your network.
----------------------------------------------------------------------------

Download

RedHat 9
wget ftp://rpmfind.net/linux/redhat/9/en/...7.2-1.i386.rpm

RedHat 8
wget ftp://rpmfind.net/linux/redhat/updat...8.0.3.i386.rpm

----------------------------------------------------------------------------

Installation

RedHat 9
Previously installed rpm

Quote:

rpm -Uvh tcpdump-3.7.2-1.i386.rpm

New installation

Quote:

rpm -ivh tcpdump-3.7.2-1.i386.rpm

RedHat 8
Previously installed rpm

Quote:

rpm -Uvh tcpdump-3.6.3-17.8.0.3.i386.rpm

New installation

Quote:

rpm -ivh tcpdump-3.6.3-17.8.0.3.i386.rpm

----------------------------------------------------------------------------

Libpcap is required for tcpdump to operate, if you do not have it installed you can download it from the following links for your applicable Redhat version.

RedHat 9
ftp://rpmfind.net/linux/redhat/9/en/...7.2-1.i386.rpm

RedHat 8
ftp://rpmfind.net/linux/redhat/updat...8.0.2.i386.rpm

----------------------------------------------------------------------------

tcpdump is ready to run

To see what tcpdump does:

Quote:

tcpdump -c 2

----------------------------------------------------------------------------

Now you know the concept, you might want a gui for it.
There we come to iptraf
Download

RedHat 9
wget ftp://rpmfind.net/linux/redhat/9/en/...7.0-6.i386.rpm

RedHat 8
wget ftp://rpmfind.net/linux/redhat/8.0/e...7.0-3.i386.rpm

Installation via rpm -ivh

[AP2k2]

I install iptraf and what command to use after it?

[Doggy]

More info on:
tcpdump
iptraf

Enjoy your new monitor tools.

[Akash]

Can the RH9 rpm be used for RHEL?

[Doggy]

Hello ,


Yes it can.

Best Regards ,

Rui

[Doggy]

Why don't you add my HOW TO to "Technical and ..."

[genxweb]

Hum looks like a generic isntall doc. Here are some quick commands to help yu guys do some trouble shooting.

Remember you can pipe the output too.

Say I want to see traffic comming in for only one port I can do

tcpdump -ieth_name port 22

If I want to do a dump for icmp I could do

tcpdump -ieth_name | grep icmp

The best way to sue it for trouble shooting is to login to the box twic onseperate boxes if you dotn have duel screens and watch the traffic comming and going to verify the traffic is fllowing on your box. I use this alot while trouble shooting firewalls or vpn conenctions.

[AtlantaWebhost.com]

You can also have tcpdump log packets into a pcap (packet capture) file which can be viewed with Ethereal, which is basically a GUI version of tcpdump with some nice reports. The tcpdump packages also comes with tcpreplay which is very useful for running captures packets back through a network interface.

Frank

[ISPAndrewC]

An alternative to iptraf is iftop too: http://www.ex-parrot.com/~pdw/iftop/