Rich Freeman on 3 Sep 2014 18:43:57 -0700
Re: [PLUG] Tools for analyzing network traffic from personal computer?
On Wed, Sep 3, 2014 at 9:17 PM, brent timothy saner <brent.saner@gmail.com> wrote:
> netstat, lsof, and ilk are great for seeing listening UDP
> sockets/established TCP connections/etc...
>
> and wireshark is great for a graphical breakdown of packet flow..
>
> But if you're on a server and you want to capture complete traffic from
> the commandline for analysis (which the cli-version of wireshark CAN do,
> but on some distros it requires installation of the GUI wireshark as
> well- which pulls in gtk2, X, etc. as dependencies) I do the following:
>
> tcpdump -w /path/to/desired/pcap/file -i <interface>

It is also recommended to run tcpdump as root and then process the
resulting dump file as non-root using wireshark, that way you're not
exposing your system to any wireshark vulnerabilities.

Another useful tool is ntop, though it is a bit less conventional in that
its UI is a website. It is better for looking at the big picture -
connections, traffic flow, etc. It isn't suitable for packet inspection,
but it isn't limited to a single host like netstat is.

Somebody mentioned looking at pids using lsof. I find lsof a pain since it
is SO verbose with the unix sockets (I'm sure you can turn that off). I
find a quick netstat -tlnp tends to tell me everything I need to know.

--
Rich
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
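The workflow Rich describes (capture as root, analyze the pcap as an unprivileged user, and use `netstat -tlnp` for a quick look at listeners), as an added example script that is not part of the original thread. It assumes tcpdump, tshark, awk and su are installed; the user name, interface, packet count and the sample netstat listing are placeholders constructed here.

```shell
#!/bin/sh
# Added example, not from the PLUG thread. Helpers for the privilege-separated
# capture/analysis workflow plus a quick listener audit on netstat -tlnp output.
# Assumptions: tcpdump supports -Z, tshark is installed, "analyst" is a placeholder user.

# Capture as root, but make tcpdump drop to an unprivileged user (-Z) as soon as
# the interface is open; the savefile is then created as that user, so the
# output directory must be writable by it. -c limits the capture for the demo.
# Usage: capture_as_root <iface> <user> <outfile> [packet_count]
capture_as_root() {
    iface=$1; user=$2; out=$3; count=${4:-1000}
    [ "$(id -u)" -eq 0 ] || { echo "capture_as_root: must run as root" >&2; return 1; }
    tcpdump -i "$iface" -Z "$user" -c "$count" -w "$out"
}

# Parse the pcap as the unprivileged user, so a packet that trips a
# dissector bug is handled without root privileges (tshark here, but
# wireshark -r works the same way from a desktop session).
# Usage: analyze_as_user <user> <pcap>
analyze_as_user() {
    user=$1; pcap=$2
    su -s /bin/sh "$user" -c "tshark -r '$pcap' -q -z conv,tcp"
}

# From `netstat -tlnp` output on stdin, print TCP listeners bound to every
# interface (0.0.0.0 or ::): proto, local address, PID/program. Loopback-only
# services are skipped, which is usually what an audit of exposure cares about.
wildcard_listeners() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /^(0\.0\.0\.0|::):/ { print $1, $4, $7 }'
}

# Constructed sample of `netstat -tlnp` output so the audit runs offline.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1234/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp6       0      0 :::80                   :::*                    LISTEN      2048/apache2
tcp6       0      0 ::1:25                  :::*                    LISTEN      777/exim4'

# Demo: ./script --demo prints the two wildcard listeners (sshd and apache2).
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_listeners
fi
```

On a live host replace the sample with `netstat -tlnp | wildcard_listeners`; the capture and analysis helpers need root and a real interface, respectively.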