How to check packet Flows using tcpdump

Tcpdump prints out a description of the contents of packets on a network interface that match a boolean filter expression given on the command line. It can also be run with the -w flag, which causes it to save the raw packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than from a network interface. In all cases, only packets that match the expression will be processed by tcpdump.

One of the most common uses of tcpdump is to determine whether you are getting basic two-way communication.

Filter expressions (the boolean expression tcpdump matches packets against):

icmp                    View ICMP packets
tcp port port-number    View TCP packets with either a source or destination TCP port of port-number
udp port port-number    View UDP packets with either a source or destination UDP port of port-number

Example:

tcpdump -i eth0 icmp

By using the -w filename option you can save the entire Ethernet frame, not just the brief IP summary that normally goes to the screen, to a file (nothing is printed while writing; read the file back later with -r). The saved file can then be analyzed with graphical tools such as Wireshark, which is available for both Windows and Linux.

tcpdump -i eth0 -w /tmp/tcp.dump tcp port 22

The -n switch stops tcpdump from resolving IP addresses to host names (and ports to service names). This avoids the delays and extra DNS traffic that lookups cause, so the output appears promptly and tcpdump works more reliably.

tcpdump -i eth0 -n tcp port 22
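The "am I getting two-way communication?" question above can be answered from saved tcpdump output without staring at the screen. The script below is an added example, not part of the original post: it reads lines in the format that tcpdump -n prints (constructed sample lines are embedded; they are not a real capture), counts packets in each direction between two hosts, and reports whether traffic was seen both ways. The function names flow_counts and two_way, and the 192.0.2.x addresses, are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise packet direction
# between two hosts from saved "tcpdump -n" text output.

# Constructed sample of what "tcpdump -i eth0 -n" prints (not a real capture).
# Hosts .10/.20 exchange a ping and a reply; host .10 sends SYNs to .30 but
# never gets a SYN-ACK back.
SAMPLE_TCPDUMP_OUTPUT='12:00:01.000001 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 1, seq 1, length 64
12:00:01.000200 IP 192.0.2.20 > 192.0.2.10: ICMP echo reply, id 1, seq 1, length 64
12:00:02.000001 IP 192.0.2.10.51234 > 192.0.2.30.22: Flags [S], seq 100, win 64240, length 0
12:00:03.000001 IP 192.0.2.10.51234 > 192.0.2.30.22: Flags [S], seq 100, win 64240, length 0
12:00:04.000001 IP 192.0.2.10.51234 > 192.0.2.30.22: Flags [S], seq 100, win 64240, length 0'

# flow_counts HOST_A HOST_B: read tcpdump -n lines on stdin and print
# "<A->B count> <B->A count>". A trailing port (a.b.c.d.port) is stripped
# so TCP/UDP and ICMP lines are handled alike.
flow_counts() {
    awk -v a="$1" -v b="$2" '
        # drop a trailing colon and a 5th dotted component (the port)
        function host(f,   n, p) {
            sub(/:$/, "", f)
            n = split(f, p, ".")
            if (n == 5) return p[1] "." p[2] "." p[3] "." p[4]
            return f
        }
        $2 == "IP" && $4 == ">" {
            s = host($3); d = host($5)
            if (s == a && d == b) ab++
            if (s == b && d == a) ba++
        }
        END { printf "%d %d\n", ab + 0, ba + 0 }'
}

# two_way HOST_A HOST_B: print a verdict and exit 0 if packets were seen in
# both directions, 1 if only one direction (or nothing) was seen.
two_way() {
    counts=$(flow_counts "$1" "$2")
    ab=${counts% *}
    ba=${counts#* }
    if [ "$ab" -gt 0 ] && [ "$ba" -gt 0 ]; then
        echo "$1 <-> $2: two-way ($ab forward, $ba reverse)"
        return 0
    fi
    echo "$1 <-> $2: one-way or no traffic ($ab forward, $ba reverse)"
    return 1
}

# Usage with the constructed sample (replace with: tcpdump -n -r file.pcap | two_way A B)
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | two_way 192.0.2.10 192.0.2.20
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | two_way 192.0.2.10 192.0.2.30
```

Repeated SYNs with zero packets coming back, as in the second verdict, is the classic signature of a host that is unreachable or filtered; a reply count of zero on an ICMP echo tells you the same thing for ping.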
