Sometimes we need to monitor our network traffic closely to find out what a server is doing wrong.
I found a combination of two excellent tools (tcpdump and Wireshark) that meets my requirements.
Tcpdump (http://www.tcpdump.org):
tcpdump is a well-known packet capturing tool used on Unix machines. It is also freely available with most distributions.
How to use the tcpdump commands
tcpdump -i <interface> -s <packet snapshot length> -w <some-file>
1) Capture packets and print them to standard output (the shell):
tcpdump -i eth0 -s 65535
-c – count (number of packets to capture)
-i – specify the interface
-s – packet snapshot length (default: 65535)
2) Capture packets and write the result into a file (file.cap) using the -w option
tcpdump -c 2 -i eth0 -w file.cap
3) Read the captured file, file.cap
tcpdump -tttt -r file.cap
4) Capture the packets going through a specific port
tcpdump -i eth0 -c 100 port 22
5) Capture the packets sent to a specific destination IP (here combined with a port filter)
tcpdump -i eth0 port 80 and dst 18.104.22.168
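Once a capture has been read back with tcpdump -tttt -r file.cap (step 3), a quick summary helps decide which hosts and ports deserve a closer look in Wireshark. The script below is an added example, not part of the original post: two small shell functions that run awk over tcpdump's text output and count packets per destination port and pure SYN packets (new connection attempts) per source address. It assumes tcpdump's default IPv4/TCP line layout ("date time IP src.port > dst.port: Flags [..], ..."); IP6 lines are skipped. The sample lines and addresses in SAMPLE_TCPDUMP_OUTPUT are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): summarise `tcpdump -tttt -r file.cap`
# output so a large capture can be triaged before it is opened in Wireshark.
# Assumes the default tcpdump line format for IPv4 TCP traffic:
#   <date> <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], seq ...

# Constructed sample of tcpdump -tttt output (made-up addresses, not real traffic).
SAMPLE_TCPDUMP_OUTPUT='2024-01-01 10:00:00.000001 IP 192.168.1.10.54321 > 18.104.22.168.80: Flags [S], seq 1, win 64240, length 0
2024-01-01 10:00:00.000100 IP 18.104.22.168.80 > 192.168.1.10.54321: Flags [S.], seq 100, ack 2, win 65535, length 0
2024-01-01 10:00:00.000200 IP 192.168.1.10.54321 > 18.104.22.168.80: Flags [.], ack 101, win 64240, length 0
2024-01-01 10:00:01.000000 IP 192.168.1.11.40000 > 18.104.22.168.22: Flags [S], seq 5, win 64240, length 0
2024-01-01 10:00:02.000000 IP 192.168.1.12.40001 > 18.104.22.168.22: Flags [S], seq 6, win 64240, length 0
2024-01-01 10:00:03.000000 IP 192.168.1.12.40002 > 18.104.22.168.22: Flags [S], seq 7, win 64240, length 0'

# count_by_dst_port: read tcpdump text lines on stdin, print "<port> <packets>"
# for each destination port, busiest first. Only "IP" (IPv4) lines are counted.
count_by_dst_port() {
    awk '$3 == "IP" {
        dst = $6                       # field 6 is "<dst-ip>.<port>:" in -tttt output
        sub(/:$/, "", dst)             # drop the trailing colon
        n = split(dst, parts, "[.]")   # last dotted component is the port
        counts[parts[n]]++
    }
    END { for (p in counts) print p, counts[p] }' | sort -k2,2nr -k1,1n
}

# count_syn_by_src: read tcpdump text lines on stdin, print "<src-ip> <syns>"
# for each source that sent a pure SYN (Flags [S]), i.e. opened new connections.
count_syn_by_src() {
    awk '$3 == "IP" && $8 ~ /^\[S\],?$/ {
        src = $4
        sub(/\.[0-9]+$/, "", src)      # strip ".<sport>" to keep only the IP
        syns[src]++
    }
    END { for (s in syns) print s, syns[s] }' | sort -k2,2nr -k1,1
}

# Stand-alone run over the constructed sample; replace with
#   tcpdump -tttt -r file.cap | count_by_dst_port
# on a real capture.
echo "packets per destination port:"
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | count_by_dst_port
echo "pure SYNs per source:"
printf '%s\n' "$SAMPLE_TCPDUMP_OUTPUT" | count_syn_by_src
```

Source the file and pipe real output into the functions, for example tcpdump -tttt -r file.cap | count_syn_by_src; a single source topping the SYN list with many distinct destination ports is the kind of pattern worth inspecting in Wireshark next.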
Wireshark is the world’s foremost network protocol analyzer. It lets you capture and interactively browse the traffic running on a computer network.
How to analyse the captured packets using Wireshark
1) Download and install the software on your local machine (Windows or Linux).
2) Copy or download the captured file file.cap to your local machine.
3) Open the file in wireshark
As the pictures above show, it is a GUI, so you can analyse the packets very easily.