
Saturday, May 17, 2014

TCP Dump - WireShark Capture/Snoop on a Unix/Linux interface - Free Script

Here is a free tool to capture live packets on a Unix/Linux interface and analyze the captured packets using WireShark.

Simple Procedure:
1. Download the tcpdump tool here
2. Unzip the file
3. Transfer the file to the server whose interface you want to snoop
4. You might want to change the file permissions to make it executable (command: #chmod 777 file_name)
5. Identify the interface name that you want to snoop (command: #ifconfig -a)
6. Run the script: ./tcpdump -i eth88 -s 0 -w filename.cap
     where:

  • -i eth88 refers to the listening network interface you identified in step 5.
  • -s 0 indicates that the captured length per packet is not limited. By default, only 1,024 bytes are captured from each packet.
  • -w filename.cap writes the packets directly into the file without analysis or printout. Replace filename with the actual name of the file.
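Because -w writes the raw pcap file that WireShark opens, it is worth checking the file before handing it over: the global header records the snaplen the capture was taken with, and each packet record carries both the captured length and the original on-the-wire length, so a capture taken without -s 0 shows up as packets whose captured length is below their wire length. The script below is an added example and not the tool from this post; it builds a constructed two-frame capture in memory (no real traffic, no interface or root needed) and parses it back. The constant FULL_SNAPLEN assumes the 262144 value current tcpdump writes for -s 0 (older versions wrote 65535).

```python
import struct

# Constants of the classic pcap file format (what "tcpdump -w" produces).
MAGIC_LE = 0xA1B2C3D4      # microsecond-timestamp magic as read with "<I" from a little-endian writer
MAGIC_BE = 0xD4C3B2A1      # the same magic as it appears when written by a big-endian host
LINKTYPE_ETHERNET = 1
FULL_SNAPLEN = 262144      # assumption: what current tcpdump writes for "-s 0" (older: 65535)


def build_pcap(frames, snaplen=FULL_SNAPLEN):
    """Write a little-endian pcap file in memory. Each frame is cut to snaplen,
    but orig_len keeps the full on-the-wire size, exactly as a real capture does."""
    out = bytearray(struct.pack("<IHHiIII", MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for ts_sec, ts_usec, frame in frames:
        kept = frame[:snaplen]
        out += struct.pack("<IIII", ts_sec, ts_usec, len(kept), len(frame))
        out += kept
    return bytes(out)


def parse_pcap(data):
    """Parse a pcap byte string into header fields plus a list of packets.
    Raises ValueError for anything that is not a well-formed classic pcap file."""
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic == MAGIC_LE:
        end = "<"
    elif magic == MAGIC_BE:
        end = ">"
    else:
        raise ValueError("bad magic 0x%08x: not a classic pcap file" % magic)
    ghdr = struct.Struct(end + "IHHiIII")   # magic, major, minor, thiszone, sigfigs, snaplen, linktype
    phdr = struct.Struct(end + "IIII")      # ts_sec, ts_usec, incl_len (captured), orig_len (on wire)
    _, vmajor, vminor, _zone, _sigfigs, snaplen, linktype = ghdr.unpack_from(data, 0)
    off = ghdr.size
    packets = []
    while off < len(data):
        if off + phdr.size > len(data):
            raise ValueError("truncated packet header at offset %d" % off)
        ts_sec, ts_usec, incl_len, orig_len = phdr.unpack_from(data, off)
        off += phdr.size
        # A record claiming more bytes than the snaplen or than the wire length is corrupt.
        if incl_len > snaplen:
            raise ValueError("incl_len %d exceeds snaplen %d" % (incl_len, snaplen))
        if incl_len > orig_len:
            raise ValueError("incl_len %d larger than orig_len %d" % (incl_len, orig_len))
        if off + incl_len > len(data):
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append({
            "time": ts_sec + ts_usec / 1e6,
            "captured": incl_len,
            "wire": orig_len,
            "truncated": incl_len < orig_len,   # snaplen cut this packet short
            "data": data[off:off + incl_len],
        })
        off += incl_len
    return {"version": (vmajor, vminor), "snaplen": snaplen, "linktype": linktype, "packets": packets}


def capture_summary(data):
    """The quick check to run before opening a file in WireShark: packet count,
    how many packets were cut by the snaplen, and whether -s 0 was in effect."""
    cap = parse_pcap(data)
    return {
        "packets": len(cap["packets"]),
        "truncated": sum(1 for p in cap["packets"] if p["truncated"]),
        "snaplen": cap["snaplen"],
        "unlimited": cap["snaplen"] >= 65535,   # large enough for any Ethernet frame
    }


# Constructed sample frames (not real traffic): a 14-byte Ethernet header plus filler.
_ETH_HDR = b"\xff" * 6 + b"\x00\x11\x22\x33\x44\x55" + b"\x08\x00"
SAMPLE_FRAMES = [
    (1400000000, 0, _ETH_HDR + b"A" * 46),      # 60-byte minimum-size frame
    (1400000000, 500, _ETH_HDR + b"B" * 1500),  # 1514-byte full-size frame
]
LIMITED_CAPTURE = build_pcap(SAMPLE_FRAMES, snaplen=96)   # as if run with "-s 96"
FULL_CAPTURE = build_pcap(SAMPLE_FRAMES)                  # as if run with "-s 0"

if __name__ == "__main__":
    print("-s 96:", capture_summary(LIMITED_CAPTURE))
    print("-s 0: ", capture_summary(FULL_CAPTURE))
```

Run it as-is to see the two summaries side by side; on a real file, read the bytes with open(path, "rb") and pass them to capture_summary. A non-zero "truncated" count means the capture will open in WireShark but payload bytes beyond the snaplen are simply not there, which is exactly what -s 0 prevents.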

