LinuxQuestions.org


Magsol 03-25-2005 08:42 AM

"grep" and "tcpdump"
 
Hello all,

I still consider myself a fledgling linux user, even though I run my own server box which I recently upgraded from Fedora Core 2 to Fedora Core 3. Especially after signing up on these forums, I am convinced I am still quite green behind the ears. :)

Hence, I would like to ask the gurus to help me out in giving me a quick-and-dirty summary on how to use the "grep" and "tcpdump" commands effectively. Security is first and foremost on my mind, as I run an Apache webserver with MySQL and PHP, in addition to multiple gaming servers, off of the FC3 box. I have it sitting behind a Linksys (BEFSR41) router.

Basically I do a lot of looking through logs and analyzing network traffic. I feel these two commands would really help me out with that (especially in troubleshooting networking or server issues), but unfortunately I don't understand exactly how these work or how they're used very well.

Yes, I'm definitely still a :newbie: :D

Thanks!

obscure-shadow 03-25-2005 09:35 AM

I would... also be very interested in that.. I as well have a server that I built.. but I still have no idea what I am doing.. however I use straight up SuSE 9.2 in all of it.. I just learned what a pipe (|) is the other day.. all the code that I have used w/ grep... was told to me by someone else, without explanation of what it actually does....

jschiwal 03-25-2005 11:56 PM

You might want to use the ethereal program. You can enter a filter expression to look at just the lines you want. This is what you would use grep for. Tcpdump saves a binary format file, so grep wouldn't work in that case. You could however redirect the console output to a file, which would be text, and use grep or sed to extract information.

If you have a tcpdump file saved, you can load it into ethereal. You can also export a text file. If you want to use grep on a text file from tcpdump or ethereal, you could use the -C n grep option to include 'n' lines of output around the match. Also consider using sed rather than grep. Sed could filter out blocks of lines you are interested in. You could also have sed save certain matches to a file, and other types of matches to another file.

If you search this site, you will find a link to a web-site that goes into how to use ethereal for analysis.
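A worked example of what the reply above describes (added here; it is not code from the thread or from tcpdump): tcpdump's text output is saved to a file, grep -C shows context around matches, and a single sed pass routes TCP SYNs and DNS queries to separate files. The packet lines are constructed for the example, and the function names and file paths are assumptions.

```shell
#!/bin/sh
# tcpdump -w writes a binary pcap that grep cannot search. Redirecting the
# console output instead ("tcpdump -n -i eth0 > capture.txt", or
# "tcpdump -n -r saved.pcap > capture.txt" for a saved pcap) gives plain text
# that grep and sed can work on. Everything below operates on that text form.

# Constructed sample lines in tcpdump's console format (made up for this example;
# 192.0.2.0/24 and 198.51.100.0/24 are documentation address ranges).
write_sample() {   # $1 = path of the text capture to create
    cat > "$1" <<'EOF'
10:01:02.000001 IP 192.0.2.10.51000 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
10:01:02.000120 IP 198.51.100.5.80 > 192.0.2.10.51000: Flags [S.], seq 100, ack 2, win 65535, length 0
10:01:02.000250 IP 192.0.2.10.51000 > 198.51.100.5.80: Flags [.], ack 101, win 64240, length 0
10:01:03.000000 IP 192.0.2.77.40000 > 198.51.100.5.22: Flags [S], seq 5, win 1024, length 0
10:01:03.500000 IP 192.0.2.10.53001 > 198.51.100.5.53: 12345+ A? example.com. (29)
10:01:04.000000 IP 192.0.2.77.40001 > 198.51.100.5.22: Flags [S], seq 6, win 1024, length 0
EOF
}

# grep -C n: print n lines of context before and after every match, so you
# see what happened around each packet of interest (e.g. traffic to port 22).
show_with_context() {   # $1 = text capture, $2 = grep pattern, $3 = n
    grep -C "$3" -- "$2" "$1"
}

# Count TCP connection attempts to one port: a SYN with no other flag set
# prints as "Flags [S]," in tcpdump's text output.
count_syn_to_port() {   # $1 = text capture, $2 = port number
    sed -n "/\.$2: Flags \[S\],/p" "$1" | wc -l | tr -d ' '
}

# sed's "w" command writes matching lines to a file, and several of them can
# run in one pass: SYNs go to one file, DNS A-record queries to another.
split_matches() {       # $1 = text capture, $2 = SYN output file, $3 = DNS output file
    sed -n -e "/Flags \[S\],/w $2" -e "/ A? /w $3" "$1"
}
```

Run it against a real capture with `tcpdump -n -i eth0 > capture.txt` (stop it with Ctrl-C), then `count_syn_to_port capture.txt 22` to count SSH connection attempts.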
