Network sniffing on Linux


Just what the hell is your Apache web server doing!! 🙂

Seeing how clients connect to servers, and what data passes between them, can prove invaluable when tracking down issues.



Run a network trace to show the headers and content being sent and received.



tcpdump -vvv -A -XX host CLIENT_IP and port 80

Just replace CLIENT_IP with your client IP address.

tcpdump -c 50 port 80
tcpdump: listening on eth0
00:43:09.262942 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 > bree.http: . ack 1 win 17520
00:43:09.268591 > bree.http: P 1:493(492) ack 1 win 17520
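
To read the capture above: S is a SYN, S with ack is the SYN-ACK, . is a bare ACK, and P carries data. The Python below is an added example, not part of the original post; it parses this older tcpdump line format, and the client name client.1042 in its sample is an assumption because the capture above does not show one.

```python
import re
from collections import defaultdict

# Old-style tcpdump TCP line: time src > dst: FLAGS [first:last(len)] [ack N] ...
LINE = re.compile(
    r"^\d\d:\d\d:\d\d\.\d+ (?P<src>\S+) > (?P<dst>[^\s:]+): "
    r"(?P<flags>[SFPR.]+)(?: \d+:\d+\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))?"
)

# Constructed sample: timings and sequence numbers follow the capture above;
# the client name "client.1042" is an assumption (not shown on the page).
SAMPLE = """\
tcpdump: listening on eth0
00:43:09.262942 client.1042 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > client.1042: S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 client.1042 > bree.http: . ack 1 win 17520
00:43:09.268591 client.1042 > bree.http: P 1:493(492) ack 1 win 17520
"""

def parse_line(line):
    """Return src, dst, flag set, ack presence and payload length, or None."""
    m = LINE.match(line.strip())
    if not m:
        return None  # banner lines, non-TCP traffic, truncated output
    return {"src": m["src"], "dst": m["dst"],
            "flags": set(m["flags"]) - {"."},   # "." means no flag set
            "ack": m["ack"] is not None, "len": int(m["len"] or 0)}

def summarize(lines):
    """Track the three-way handshake per client/server pair and count payload bytes."""
    state = {}                    # (client, server) -> handshake stage
    payload = defaultdict(int)    # (src, dst) -> TCP payload bytes seen
    for pkt in filter(None, map(parse_line, lines)):
        fwd, rev = (pkt["src"], pkt["dst"]), (pkt["dst"], pkt["src"])
        if pkt["flags"] == {"S"} and not pkt["ack"]:
            state[fwd] = "SYN"                      # client opens
        elif pkt["flags"] == {"S"} and pkt["ack"] and state.get(rev) == "SYN":
            state[rev] = "SYN-ACK"                  # server answers
        elif not pkt["flags"] and pkt["ack"] and state.get(fwd) == "SYN-ACK":
            state[fwd] = "ESTABLISHED"              # client completes
        payload[fwd] += pkt["len"]
    return state, dict(payload)

if __name__ == "__main__":
    print(summarize(SAMPLE.splitlines()))
```

A pair that stays at SYN means no SYN-ACK was captured, so check filtering or the listener before blaming Apache.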

On AIX you can ordinarily use iptrace or tcpdump.

On Solaris, we simply use snoop.
snoop -x0 src hostname

Where source is the client and hostname is the server. Other options are port portnum, etc. See snoop --help or man snoop for more options.


