Two utilities for monitoring network traffic are:
1) Wireshark
2) tcpdump
1) Wireshark is a network protocol analyzer that generally uses a file type called .pcap (packet capture) to record traffic.
The most pertinent part of a packet is its data payload and protocol information.
2) tcpdump is a built-in command-line utility that captures network traffic.
The command "$ sudo tcpdump -i eth1" captures packets on the eth1 interface.
Now tell tcpdump to capture only traffic from the source 127.168.0.1 and save it to a file:
$ sudo tcpdump -i eth0 -w packets.pcap src 127.168.0.1
Then use a tool like tshark to view the packets on the command line:
$ tshark -r packets.pcap
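To show what a .pcap file actually holds and what the "src" filter selects, here is an added example (not part of the original post) that parses a classic pcap in Python and lists each packet's addresses, protocol and payload. The sample capture is constructed in code, and the names build_sample_pcap and read_pcap are hypothetical.

```python
import socket
import struct

PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}

def build_sample_pcap():
    """Constructed sample: classic pcap holding two Ethernet/IPv4/UDP frames."""
    def frame(src, dst, payload):
        udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                         0, socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + udp
    # Global header: magic, version 2.4, zone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [frame("127.168.0.1", "10.0.0.2", b"hello"),
              frame("10.0.0.9", "10.0.0.2", b"other")]
    for i, f in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data, src=None):
    """Return (src, dst, protocol, segment) per IPv4 packet; src filters by source."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    rows, offset = [], 24
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        f = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(f) < 34 or f[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        ihl = (f[14] & 0x0F) * 4  # IPv4 header length in bytes
        ip_src, ip_dst = socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])
        if src is not None and ip_src != src:
            continue  # mirrors the capture filter "src 127.168.0.1" for IPv4
        rows.append((ip_src, ip_dst, PROTO_NAMES.get(f[23], str(f[23])), f[14 + ihl:]))
    return rows

if __name__ == "__main__":
    for row in read_pcap(build_sample_pcap(), src="127.168.0.1"):
        print(row)
```

To read a real capture instead of the constructed one, pass open("packets.pcap", "rb").read() to read_pcap.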