TCPDump
tcpdump -i [Network-Device] host [IP-Address]
In case you want to filter more specifically, e.g. on host and protocol, use this:
tcpdump -i [Network-Device] -x 'ip host [hostname] and port http'
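To read what the -x option in the command above prints, the following added example (not part of the original page) rebuilds the packet bytes from the hex dump and extracts the IPv4 addresses, the TCP ports and the first payload line. The sample dump, its addresses and all function names are constructed for illustration.

```python
import re
import struct

# Constructed sample of `tcpdump -x` output (documentation addresses, checksums
# zeroed). Without -e/-xx the hex dump starts at the IP header, not at Ethernet.
SAMPLE = """\
09:43:36.000000 IP 192.0.2.10.51000 > 192.0.2.80.80: Flags [P.], seq 1:17, ack 1, win 502, length 16
\t0x0000:  4500 0038 0001 4000 4006 0000 c000 020a
\t0x0010:  c000 0250 c738 0050 0000 0001 0000 0001
\t0x0020:  5018 01f6 0000 0000 4745 5420 2f20 4854
\t0x0030:  5450 2f31 2e31 0d0a
"""

HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:((?:\s+(?:[0-9a-f]{4}|[0-9a-f]{2}))+)\s*$")

def packets_from_dump(text):
    """Yield the raw bytes of each packet found in `tcpdump -x` text output."""
    buf = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            buf += bytes.fromhex("".join(m.group(1).split()))
        elif buf:                        # next summary line ends the packet
            yield bytes(buf)
            buf = bytearray()
    if buf:
        yield bytes(buf)

def decode_ipv4_tcp(pkt):
    """Return addresses, ports and TCP payload of an IPv4/TCP packet, or None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 6:
        return None                      # not IPv4, or protocol is not TCP (6)
    ihl = (pkt[0] & 0x0F) * 4            # IP header length in bytes
    if ihl < 20 or len(pkt) < ihl + 20:
        return None                      # truncated before the TCP header ends
    total_len = struct.unpack("!H", pkt[2:4])[0]   # excludes link-layer padding
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_off = (pkt[ihl + 12] >> 4) * 4  # TCP header length in bytes
    return {
        "src": ".".join(map(str, pkt[12:16])), "sport": sport,
        "dst": ".".join(map(str, pkt[16:20])), "dport": dport,
        "payload": pkt[ihl + data_off:total_len],
    }

def http_request_lines(text, port=80):
    """First payload line of every packet in the dump that was sent to `port`."""
    found = (decode_ipv4_tcp(p) for p in packets_from_dump(text))
    return [d["payload"].split(b"\r\n")[0].decode("ascii", "replace")
            for d in found if d and d["dport"] == port and d["payload"]]
```

Pass a different `port` to `http_request_lines` when the webserver does not listen on port 80.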
Ethereal
Note that newer versions are called wireshark for the GUI-based tool; the CLI-based tool is called tshark. Replace where appropriate.
tethereal -i [Network-Device]
If you want to limit the capture to a specific IP address, e.g. your workstation IP, use the following:
tethereal -i [Network-Device] -R ip.addr==[IP-Address]
If the webserver is running on a port other than 80, tell ethereal which TCP port to interpret as HTTP traffic with the following:
tethereal -i [Network-Device] -d tcp.port==[Port-Nr],http -R ip.addr==[IP-Address]
Another easy way to filter is:
tethereal -i [Network-Device] host [host-IP] and port [Port-Nr.]
If you want to dump the output to a file, append -w output.dump to these commands. All data is then written to that file, which you can later open with ethereal for analysis.
IPtraf provides an easy way to identify non-clean traffic. This means that even if tethereal and tcpdump show you some data, iptraf will not show you a packet count increase in case the data is valid, e.g. with a wrongly set up VLAN (unidirectional traffic, missing parts of the TCP/IP traffic messages, etc.).
In case you have HTTPS traffic to monitor, you can use ssldump to have a look at the traffic. This troubleshooting method is also very useful in case you see loads of SSL decode errors. Try out the following:
ssldump -ni eth1 -d -k [pem-key] host [host-ip]
Another very useful solution is to tunnel the traffic from your workstation into an internal machine, so that you have a specific IP address to filter on in the advanced recorder. This can be achieved by using ssh in tunnel mode from your local machine (note that you'll need a local CLI-based ssh client on the workstation you are working from):
ssh -L [client-IP]:[client-Port]:[remote-IP]:[remote-port] [user]@[internal-machine]
Once done, connect to the application by using http://localhost:[client-port]
Entered by smurphy on Tuesday, 21 October 2008 @ 09:43:36