Networking

From Unix Wiki

Network analysis

Network packet sniffing

There are two great utilities for packet sniffing on *nix systems: tcpdump (Linux, BSD) and snoop (Solaris). These are the most commonly used invocations of both programs:

View specific host on specific interface

# snoop -v -d e1000g0 -x0 host 192.168.10.102
# tcpdump -i eth0 host 192.168.10.102

and the same capture, excluding your own host from the trace

# snoop -x0 -d e1000g0 host 192.168.10.102 not host 192.168.10.101
# tcpdump -i eth0 host 192.168.10.102 not host 192.168.10.101

View specific ports

View traffic on port 21 (FTP)

# snoop -x0 port 21
# tcpdump port 21

And multiple ports

# tcpdump port 21 or port 80 or port 111
# snoop -x0 port 21 or port 80 or port 111

Sniff packets to file for Wireshark

# tcpdump -w sniff.pcap
# snoop -o sniff.pcap

Sniff packets between IP's

# tcpdump -i eth0 -n host 192.168.0.2 and host 192.168.56.130 and port 22
# snoop -d e1000g0 host 192.168.56.1 src ip 192.168.56.130 dst port 22

The snoop command captures packets between host 192.168.56.1 and source IP 192.168.56.130 with destination port 22; the tcpdump filter uses the same pattern (each address needs its own host qualifier, joined with and).
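As an added example (not part of the original wiki page), the following Python reads a libpcap file of the kind written by `tcpdump -w` / `snoop -o`, extracts the IPv4/TCP endpoints, and applies the same host / src host / dst port test as the filters above. The sample capture is constructed inline with made-up MAC addresses; only the standard library is used.

```python
import struct
from typing import List, Optional, Tuple

Flow = Tuple[str, int, str, int]  # (src, sport, dst, dport)

def build_sample_pcap() -> bytes:
    """Constructed pcap: one TCP SYN from 192.168.56.130:40000 to 192.168.56.1:22."""
    eth = b"\x00\x0c\x29\x00\x00\x01" + b"\x00\x0c\x29\x00\x00\x02" + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", 40000, 22, 1, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes([192, 168, 56, 130]), bytes([192, 168, 56, 1]))
    frame = eth + ip + tcp
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype 1 = Ethernet
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    phdr = struct.pack("<IIII", 0, 0, len(frame), len(frame))  # ts_sec, ts_usec, incl, orig
    return ghdr + phdr + frame

def parse_pcap(data: bytes) -> List[Flow]:
    """Return (src, sport, dst, dport) for every IPv4/TCP packet in a pcap blob."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # little-endian writer (the common case)
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":    # big-endian writer
        endian = ">"
    else:
        raise ValueError("not a libpcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    flows, off = [], 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(endian + "IIII", data[off:off + 16])[2]
        pkt = data[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":   # skip non-IPv4 frames
            continue
        ihl = (pkt[14] & 0x0F) * 4
        if pkt[23] != 6 or len(pkt) < 14 + ihl + 4:       # skip non-TCP / truncated
            continue
        src = ".".join(str(b) for b in pkt[26:30])
        dst = ".".join(str(b) for b in pkt[30:34])
        sport, dport = struct.unpack("!HH", pkt[14 + ihl:14 + ihl + 4])
        flows.append((src, sport, dst, dport))
    return flows

def matches(flow: Flow, host: Optional[str] = None, src_host: Optional[str] = None,
            dst_port: Optional[int] = None) -> bool:
    """Mirror 'host X and src host Y and dst port N' on a parsed flow."""
    src, _sport, dst, dport = flow
    return ((host is None or host in (src, dst))
            and (src_host is None or src_host == src)
            and (dst_port is None or dst_port == dport))
```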