Tcpdump

From charlesreid1

Installing

Linux

tcpdump should come with your distro, but if it doesn't, use aptitude or your package manager to install: 

apt-get install tcpdump

Once you've done that, you can list your network devices: 

iwconfig

Pick out which ones you want to listen to.

Mac

tcpdump comes with Mac. Man page for tcpdump: https://developer.apple.com/library/mac/documentation/Darwin/Reference/ManPages/man1/tcpdump.1.html

List your network devices: 

ifconfig

Pick out which ones you want to listen to.

Usage

You will need to run tcpdump as sudo.

Unfiltered Packet Capture

The simplest way to use tcpdump is to do an unfiltered packet capture - no filters on packets, so everything is captured.

To do this, specify which device you want to listen to with the -i flag. Also specify an output file with the -w flag: 

tcpdump -i en0 -w output_file.pcap

-w prevents your computer from having a meltdown trying to print every single packet in a busy place.

You can also monitor multiple interfaces by specifying a list: -i en0,en1

Retrieved from "https://charlesreid1.com/w/index.php?title=Tcpdump&oldid=8886"