Old 02-20-2010, 12:08 AM   #1
hadimotamedi
Member
 
Registered: Aug 2009
Posts: 228

Rep: Reputation: 30
tcpdump?


Dear All
I have put a tcpdump trace on port 4957 on my Linux server, as follows:
#tcpdump port 4957
I want to obtain the payload data to see what is really being exchanged between my Linux server and the outside network element. Can you please let me know how I can modify my command?
Thank you
 
Old 02-20-2010, 01:17 AM   #2
mattseanbachman
Member
 
Registered: Feb 2010
Posts: 40

Rep: Reputation: 15
Well, I think that you might need to run tcpdump as the super-user. At least that's what I need to do on my Ubuntu rig. That way you can run in promiscuous mode and capture everything that hits the server's interface.

sudo tcpdump -s0 -vvv -w dumpfile

So, right there something like that should do it for you. I tacked on the -w dumpfile so that way it writes it to a file instead of dumping it onto the screen. I don't read that fast.
 
Old 02-20-2010, 01:19 AM   #3
mattseanbachman
Member
 
Registered: Feb 2010
Posts: 40

Rep: Reputation: 15
Also, I don't know what the heck runs on that port 4957, but you have it right that you can specify a port number with tcpdump. If you need more help I would consult the tcpdump man page; it's not light reading but there's some good stuff in there.
 
Old 02-20-2010, 04:35 AM   #4
hadimotamedi
Member
 
Registered: Aug 2009
Posts: 228

Original Poster
Rep: Reputation: 30
I tried the following:
#tcpdump -s0 -vvv port 4959
But it didn't produce more human-readable output than the 'tcpdump port 4959' output. Can you please give me a hint on this?
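
An added example (not written by any poster in this thread): a small shell wrapper that selects the tcpdump options for printing packet payload, -A for ASCII or -X for hex plus ASCII, either live or from a file written with -w. Port 4957 and the name dumpfile are taken from the thread; the function name show_payload and the DRY_RUN variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: print packet payloads for one port with tcpdump.
# show_payload and DRY_RUN are names made up for this example.
#
# usage: show_payload <port> [ascii|hex] [capture-file]
#   ascii -> -A  print each packet's payload as ASCII text
#   hex   -> -X  print payload as hex with an ASCII column (binary protocols)
# With a capture file (written earlier with -w) packets are read back with -r;
# without one, tcpdump captures live, which needs root or CAP_NET_RAW.
show_payload() {
    port=$1
    mode=${2:-ascii}
    file=${3:-}

    # Accept only a 1-5 digit number so nothing else reaches the filter.
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 2 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 2
    fi

    case $mode in
        ascii) flag=-A ;;
        hex)   flag=-X ;;
        *) echo "mode must be ascii or hex" >&2; return 2 ;;
    esac

    # -nn: no host/port name lookups; -s0: capture whole packets, not a
    # truncated snapshot, so the payload is complete.
    set -- -nn -s0 "$flag"
    if [ -n "$file" ]; then
        set -- "$@" -r "$file"
    fi
    set -- "$@" port "$port"

    if [ -n "${DRY_RUN:-}" ]; then
        echo "tcpdump $*"      # show the command without running it
    else
        tcpdump "$@"
    fi
}
```

Calling show_payload 4957 prints live traffic as text; show_payload 4957 hex dumpfile replays a saved capture with a hex view.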
 
  

