Monitor traffic with tcpdump command

From WiDirect

A utility called tcpdump is available for monitoring network traffic. It is useful for diagnosing connection problems and for monitoring activity on a network interface. It can capture traffic for a single user or all traffic on an interface. To exit tcpdump at any time, press Control-C. Below are some common tcpdump commands.

Monitor all traffic on eth1 for all users: sudo /usr/sbin/tcpdump -ieth1

Monitor traffic on eth1 for IP 10.4.1.20: sudo /usr/sbin/tcpdump -ieth1 host 10.4.1.20

Monitor traffic on eth1 for MAC 00:11:22:33:44:55: sudo /usr/sbin/tcpdump -ieth1 ether host 00:11:22:33:44:55

Monitor DNS requests on eth1: sudo /usr/sbin/tcpdump -ieth1 port 53

Monitor DHCP requests on eth1: sudo /usr/sbin/tcpdump -ieth1 port 67
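
The DNS capture above scrolls quickly on a busy interface. The following is an added example, not part of the original WiDirect page: it pipes tcpdump's text output through a filter that counts DNS queries per client, query type and name. The function names and the sample lines are constructed for illustration; -n (numeric addresses) and -l (line-buffered output) are standard tcpdump options added to the page's command.

```shell
#!/bin/sh
# Added example: summarise DNS queries per client from tcpdump text output.
# Live use (command from this page, plus -n and -l):
#   sudo /usr/sbin/tcpdump -n -l -ieth1 port 53 | dns_query_summary
# -n keeps addresses numeric; -l line-buffers stdout so the pipe sees each line.

dns_query_summary() {
    # Reads tcpdump lines on stdin; prints "count client qtype name",
    # highest count first. Only packets sent TO port 53 (queries) are counted.
    awk '
        $2 == "IP" && $4 == ">" && $5 ~ /\.53:$/ {
            client = $3
            sub(/\.[0-9]+$/, "", client)        # drop the source port
            for (i = 6; i < NF; i++) {
                if ($i ~ /^[A-Z0-9]+\?$/) {     # query type marker, e.g. "A?"
                    qtype = $i
                    sub(/\?$/, "", qtype)
                    count[client " " qtype " " $(i + 1)]++
                    break
                }
            }
        }
        END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample lines in tcpdump -n output format (not captured traffic).
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 10.4.1.20.51514 > 10.4.1.1.53: 4021+ A? example.com. (29)
12:00:01.010002 IP 10.4.1.1.53 > 10.4.1.20.51514: 4021 1/0/0 A 192.0.2.10 (45)
12:00:02.000003 IP 10.4.1.20.51515 > 10.4.1.1.53: 4022+ AAAA? example.com. (29)
12:00:03.000004 IP 10.4.1.21.40000 > 10.4.1.1.53: 991+ A? example.com. (29)
12:00:04.000005 IP 10.4.1.20.51516 > 10.4.1.1.53: 4023+ A? example.com. (29)
12:00:05.000006 IP 10.4.1.20.68 > 10.4.1.1.67: BOOTP/DHCP, Request from 00:11:22:33:44:55, length 300
EOF
}

# Demo run on the constructed sample.
sample_capture | dns_query_summary
```

Replies from the server and the DHCP packet are ignored because their destination port is not 53. A client with an unusually high count, or many distinct names, stands out at the top of the summary.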