Jay Anderson on 3 Sep 2014 18:55:16 -0700
Re: [PLUG] Tools for analyzing network traffic from personal computer?
On 09/03/14 21:36, Rich Freeman wrote:
> Check out snort as well (http://snort.org). It has rules to detect all sorts of interesting (and not necessarily nice) things on the network. It has been around awhile.
>
> On Wed, Sep 3, 2014 at 9:17 PM, brent timothy saner <brent.saner@gmail.com> wrote:
>> netstat, lsof, and ilk are great for seeing listening UDP sockets/established TCP connections/etc... and wireshark is great for a graphical breakdown of packet flow. But if you're on a server and you want to capture complete traffic from the commandline for analysis (which the cli-version of wireshark CAN do, but on some distros it requires installation of the GUI wireshark as well, which pulls in gtk2, X, etc. as dependencies) I do the following:
>>
>> tcpdump -w /path/to/desired/pcap/file -i <interface>

It is also recommended to run tcpdump as root and then process the resulting dump file as non-root using wireshark; that way you're not exposing your system to any wireshark vulnerabilities.

Another useful tool is ntop, though it is a bit less conventional in that its UI is a website. It is better for looking at the big picture: connections, traffic flow, etc. It isn't suitable for packet inspection, but it isn't limited to a single host like netstat is.

Somebody mentioned looking at pids using lsof. I find lsof a pain since it is SO verbose with the unix sockets (I'm sure you can turn that off). I find a quick netstat -tlnp tends to tell me everything I need to know.

Jay
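The capture-as-root, analyse-as-non-root workflow from this message, and the `netstat -tlnp` habit, as an added shell example (not code from the thread or from any of the posters). It assumes tcpdump's `-i`, `-w`, `-n`, `-s` and `-Z` flags and the usual `netstat -tlnp` column layout (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State, PID/Program name); the pcap header and the netstat output it checks are constructed inline so the script runs offline without root.

```shell
#!/bin/sh
# Added example, not from the PLUG thread. Demonstrates: building a reviewable
# tcpdump command that hands the capture to an unprivileged user, checking a
# capture file's type before opening it as that user, and summarising
# `netstat -tlnp` output into "port owner" lines.
set -eu

# Accept only plain interface names so a value taken from a script argument
# cannot smuggle extra options or shell metacharacters into the command line.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9._:-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build (but do not run) the capture command so it can be reviewed first.
# -Z USER: tcpdump opens the interface as root, then drops to USER before it
#          creates the output file, so the pcap is owned by USER and the
#          long-running capture process itself is no longer root.
# -w FILE: write raw packets; -s 0: full frames; -n: no reverse DNS lookups.
capture_cmd() {
    iface=$1
    out=$2
    user=$3
    valid_iface "$iface" || { echo "capture_cmd: bad interface '$iface'" >&2; return 1; }
    printf 'tcpdump -n -s 0 -Z %s -i %s -w %s\n' "$user" "$iface" "$out"
}

# Write a constructed little-endian pcap global header (24 bytes, no packet
# records) so the file-type check below can be exercised offline.
make_sample_pcap() {
    printf '\324\303\262\241\002\000\004\000' > "$1"    # magic d4c3b2a1, version 2.4
    printf '\000\000\000\000\000\000\000\000' >> "$1"   # thiszone 0, sigfigs 0
    printf '\377\377\000\000\001\000\000\000' >> "$1"   # snaplen 65535, LINKTYPE_ETHERNET
}

# Classify a capture file by its magic number before handing it to a reader
# run as an unprivileged user (e.g. `tshark -r FILE` or `wireshark FILE`).
pcap_kind() {
    magic=$(od -An -N4 -tx1 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1) echo pcap-le ;;
        a1b2c3d4) echo pcap-be ;;
        4d3cb2a1) echo pcap-le-nsec ;;
        a1b23c4d) echo pcap-be-nsec ;;
        0a0d0d0a) echo pcapng ;;
        *)        echo unknown; return 1 ;;
    esac
}

# Constructed sample of `netstat -tlnp` output (not taken from a real host).
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      -
tcp6       0      0 :::80                   :::*                    LISTEN      1140/apache2'

# Reduce netstat -tlnp (on stdin) to one "port owner" line per listening TCP
# socket. A "-" in the last column means netstat could not read the PID, which
# is what you see for other users' processes when netstat is run without root.
listening_summary() {
    awk '$1 == "tcp" || $1 == "tcp6" {
        n = split($4, a, ":"); port = a[n]
        owner = ($NF == "-") ? "unknown(run-as-root-to-see)" : $NF
        print port, owner
    }'
}

# Stand-alone demo: show the planned command and summarise the sample output.
capture_cmd eth0 /var/tmp/capture.pcap nobody
printf '%s\n' "$NETSTAT_SAMPLE" | listening_summary
```

In use, the line printed by `capture_cmd` is what you would run as root; once tcpdump has dropped to the named user the pcap belongs to that user, so the later `tshark`/`wireshark` run needs no root and no `chown`, and `pcap_kind` gives a cheap sanity check that the file is a capture and not something else before an unprivileged parser is pointed at it.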
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug