OpenBSD Journal

Making a Connection with tcpdump

Contributed by jose on from the that-other-OS dept.

Linux Journal's website recently ran a pair of pieces on using tcpdump(8). They're entitled "Making a connection with tcpdump", and part 1 and part 2 ran back to back. You may also be interested in a BSD column covering tcpdump that ran last year on OnLamp.

Aside from network troubleshooting, tcpdump is a great way to learn about IP networking and infrastructures. The same packet-capture capability is also a threat to network security, in the form of sniffers and connection hijacking tools. Read up!


Comments
  1. By Rob (rehartley@sympatico.ca) on

    Sadly, tcpdump is off the air for a while.

    I have recently been enjoying Ethereal which seems to allow even more layer 2 examination.

    It has worked great for IPSEC debugging, and the "wiretap" library seems to pick up where the old libpcap left off.

    Comments
    1. By Jason (jtestart@REMOVEMEryerson.ca) on


      I enjoy Ethereal too but I like tcpdump for those cases where I need to capture some traffic on a Unix machine somewhere for further analysis with Ethereal. I know there is tethereal, but the binary is 4 times the size and is linked to twice the number of libraries.

      Small and simple is nice sometimes!

    2. By Anonymous Coward on

      wiretap? What library is this? Got url?

      Comments
      1. By Robert (rehartley@sympatico.ca) on

        I found it in a directory called wiretap in the source code, along with an explanation about why they went with it instead of using libpcap.

        downloaded from:
        http://www.ethereal.com/download.html#sources

        Comments
        1. By Anonymous Coward on

          uh... there is no such discussion. Can you cut & paste it here?

  2. By Anonymous Coward on

    That "connection" wouldn't be the source trojan attempting to call home, would it?
