brent timothy saner on 3 Sep 2014 18:18:07 -0700
Re: [PLUG] Tools for analyzing network traffic from personal computer?
On 09/03/2014 08:19 PM, Paul Walker wrote:
> I think I'll spin up a couple scripts to check network activity against
> a baseline, but in the end I probably want to go with something more
> robust.... LittleSnitch was recommended but I'd prefer to use something
> foss. More research.
>

How has nobody mentioned tcpdump yet?

netstat, lsof, and ilk are great for seeing listening UDP sockets/established TCP connections/etc... and wireshark is great for a graphical breakdown of packet flow.

But if you're on a server and you want to capture complete traffic from the command line for analysis (which the CLI version of wireshark CAN do, but on some distros it requires installation of the GUI wireshark as well, which pulls in gtk2, X, etc. as dependencies) I do the following:

tcpdump -w /path/to/desired/pcap/file -i <interface>

(in older/non-GNU versions, you may need -s0 to capture full packets).

You can then scp/rsync/whatever the pcap file and open it in wireshark for analysis.

And yes, unlike wireshark, it's included by default in Mac OS X: http://support.apple.com/kb/HT3994

I use it even if I'm analyzing on the same machine I'm capturing on, because I find it easier to use (and lower on memory footprint) than wireshark when capturing.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
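As an added example (not code from this thread), a small Python script that reads a pcap file of the kind `tcpdump -w` writes, summarises TCP/UDP flows, counts records cut short by a too-small snaplen (the `-s0` point above), and compares the flows with a baseline set of the sort Paul mentioned. It assumes the Ethernet link type and IPv4 only; the sample capture is constructed in memory so it runs without tcpdump.

```python
import struct
from collections import Counter

def ipv4_frame(proto, src, dst, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4 frame carrying a bare TCP (6) or UDP (17) header."""
    l4 = struct.pack("!HH", sport, dport) + (b"\x00" * 16 if proto == 6 else b"\x00\x08\x00\x00")
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload), 0, 0x4000, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\xff" * 6 + b"\x02" * 6 + b"\x08\x00" + ip + l4 + payload

def build_pcap(frames, snaplen=65535):
    """Classic little-endian pcap, link type 1 (Ethernet); snaplen emulates tcpdump -s."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        incl = min(len(frame), snaplen)  # a small default snaplen cuts long packets here; -s0 keeps them whole
        out += struct.pack("<IIII", 1409789887 + i, 0, incl, len(frame)) + frame[:incl]
    return out

def parse_pcap(data):
    """Return ({(proto, src, dst, dport): packet count}, number of truncated records)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("only the Ethernet link type is handled here")
    pos, flows, truncated = 24, Counter(), 0
    while pos + 16 <= len(data):
        _, _, incl, orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        truncated += incl < orig  # snaplen was too small for this packet
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # not IPv4 (ARP, IPv6, ...): skipped in this example
        ihl = (pkt[14] & 0x0F) * 4
        src, dst = ".".join(map(str, pkt[26:30])), ".".join(map(str, pkt[30:34]))
        l4 = pkt[14 + ihl:]
        if pkt[23] in (6, 17) and len(l4) >= 4:  # TCP or UDP: destination port is bytes 2-3
            flows[(pkt[23], src, dst, struct.unpack("!H", l4[2:4])[0])] += 1
    return flows, truncated

def unexpected_flows(flows, baseline):
    """Flows seen in the capture that are not in the baseline set of (proto, src, dst, dport)."""
    return {key: n for key, n in flows.items() if key not in baseline}

# Constructed sample: two HTTPS connections, one DNS query, one odd outbound connection; 96-byte snaplen.
SAMPLE_PCAP = build_pcap([
    ipv4_frame(6, "192.0.2.10", "198.51.100.7", 51000, 443, b"\x16\x03\x01" + b"\x00" * 200),
    ipv4_frame(6, "192.0.2.10", "198.51.100.7", 51001, 443),
    ipv4_frame(17, "192.0.2.10", "192.0.2.1", 40000, 53),
    ipv4_frame(6, "192.0.2.10", "203.0.113.9", 51002, 6667)], snaplen=96)
BASELINE = {(6, "192.0.2.10", "198.51.100.7", 443), (17, "192.0.2.10", "192.0.2.1", 53)}
```

A non-zero truncated count means the capture was taken with a snaplen that clipped packets, which is exactly when wireshark will show "packet size limited during capture".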