From Unix Wiki

Network analysis

Network packet sniffing

There are two great utilities for packet sniffing on *nix systems: tcpdump (Linux, BSD) and snoop (Solaris). These are the most commonly used invocations of both programs. In the commands below, HOST, YOURHOST and SRCHOST are placeholders for a host name or IP address.

View specific host on specific interface

# snoop -v -d e1000g0 -x0 host HOST
# tcpdump -i eth0 host HOST

and exclude your own host from the capture (useful when you are sniffing over an SSH session, so your own session traffic does not flood the output)

# snoop -x0 -d e1000g0 host HOST and not host YOURHOST
# tcpdump -i eth0 host HOST and not host YOURHOST

View specific ports

View traffic on port 21 (FTP)

# snoop -x0 port 21
# tcpdump port 21

And multiple ports at once

# tcpdump port 21 or port 80 or port 111
# snoop -x0 port 21 or port 80 or port 111

Sniff packets to a file for later analysis in Wireshark

# tcpdump -w sniff.pcap
# snoop -o sniff.pcap

Sniff packets between IPs

# tcpdump -i eth0 -n host HOST and port 22
# snoop -d e1000g0 src host SRCHOST and dst port 22

The tcpdump line captures all port 22 traffic to or from HOST (-n disables name resolution so the capture does not itself generate DNS queries); the snoop line captures only packets sent from SRCHOST to port 22 on any destination.
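As an added example (not from the wiki page), the following POSIX shell helper composes the same filter expressions shown above for either tool, excludes the administrator's own SSH session from the capture, and writes the result to a pcap file. The OS name, interface, hosts and file name are passed in as parameters; the IP addresses used in the demo are constructed placeholders.

```shell
#!/bin/sh
# build_filter HOST PORT [EXCLUDE_HOST]
# Prints a filter expression understood by both tcpdump and snoop:
# all traffic of HOST on PORT, optionally minus EXCLUDE_HOST (your own box).
build_filter() {
    host=$1; port=$2; exclude=${3:-}
    expr="host $host and port $port"
    if [ -n "$exclude" ]; then
        expr="$expr and not host $exclude"
    fi
    printf '%s\n' "$expr"
}

# ssh_peer "$SSH_CLIENT" -> prints the client IP of the current SSH session
# (SSH_CLIENT is "ip port serverport"); empty when not logged in over SSH.
ssh_peer() {
    set -- $1
    printf '%s\n' "${1:-}"
}

# capture_cmd OS IFACE OUTFILE FILTER -> prints the capture command for OS.
# SunOS gets snoop -o; everything else gets tcpdump with -n (no DNS lookups),
# -s 0 (full packets) and -w (write pcap for Wireshark).
capture_cmd() {
    os=$1; iface=$2; out=$3; filter=$4
    case "$os" in
        SunOS) printf 'snoop -d %s -o %s %s\n' "$iface" "$out" "$filter" ;;
        *)     printf 'tcpdump -i %s -n -s 0 -w %s %s\n' "$iface" "$out" "$filter" ;;
    esac
}

# Demo: "./capture.sh show" prints the command for this OS without running it.
# Constructed values: HOST 192.0.2.10, port 22, interface eth0, file sniff.pcap.
if [ "${1:-}" = "show" ]; then
    me=$(ssh_peer "${SSH_CLIENT:-}")
    f=$(build_filter 192.0.2.10 22 "$me")
    capture_cmd "$(uname -s)" eth0 sniff.pcap "$f"
fi
```

Run the printed command as root; when you are not connected over SSH the exclusion clause is simply omitted.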