Network sniffing on Linux

[problem]

Just what the hell is your Apache web server doing!! 🙂

Seeing how clients connect to servers, and what data passes between them, can prove invaluable when tracking down issues.

[/problem]

[solution]

Network trace it – showing the headers and content being sent and received.

[/solution]

[example]
tcpdump -vvv -A -XX host 10.0.0.8 and port 80

Just replace 10.0.0.8 with your client's IP address.

tcpdump -c 50 port 80
tcpdump: listening on eth0
00:43:09.262942 10.0.0.8.1288 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > 10.0.0.8.1288: S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 10.0.0.8.1288 > bree.http: . ack 1 win 17520
00:43:09.268591 10.0.0.8.1288 > bree.http: P 1:493(492) ack 1 win 17520
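Reading a trace like the one above by hand is fine for a handful of lines; for a longer capture it helps to have the summary lines parsed for you. The following is an added example, not from the original post: it parses the classic tcpdump summary layout shown above (`src > dst: flags seq:end(len) ack N`, not the newer `Flags [S]` style), works out who opened each connection, whether the three-way handshake completed, how many payload bytes went each way and whether a FIN was seen. The sample lines after the client's first data segment (the server's reply and the client's FIN) are constructed, not taken from the capture.

```python
import re
# Constructed sample in the classic tcpdump summary format shown in this post; the
# last two lines (server reply and client FIN) are assumed, not from the capture.
SAMPLE = """\
00:43:09.262942 10.0.0.8.1288 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > 10.0.0.8.1288: S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 10.0.0.8.1288 > bree.http: . ack 1 win 17520
00:43:09.268591 10.0.0.8.1288 > bree.http: P 1:493(492) ack 1 win 17520
00:43:09.301112 bree.http > 10.0.0.8.1288: P 1:1449(1448) ack 493 win 6432 (DF)
00:43:09.305000 10.0.0.8.1288 > bree.http: F 493:493(0) ack 1449 win 17520
"""

# timestamp, "src > dst:", TCP flags, optional seq:end(len), optional "ack N"
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<src>\S+)\s+>\s+(?P<dst>\S+):\s+"
    r"(?P<flags>[SFPR.]+)(?:\s+\d+:\d+\((?P<len>\d+)\))?(?:\s+ack\s+(?P<ack>\d+))?"
)

def parse_line(line):
    """One TCP summary line -> dict, or None for non-packet output (e.g. 'listening on')."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["len"] = int(d["len"] or 0)                    # payload bytes carried by this segment
    d["ack"] = int(d["ack"]) if d["ack"] else None
    return d

def summarise(text):
    """Per connection: opener, handshake completion, payload bytes per direction, FIN seen."""
    conns = {}
    for raw in text.splitlines():
        pkt = parse_line(raw)
        if pkt is None:
            continue
        key = frozenset((pkt["src"], pkt["dst"]))    # one entry covers both directions
        c = conns.setdefault(key, {"client": None, "server": None, "state": 0,
                                   "handshake": False, "to_server": 0, "to_client": 0, "fin": False})
        if "S" in pkt["flags"] and pkt["ack"] is None:   # bare SYN: the opener is the client
            c["client"], c["server"], c["state"] = pkt["src"], pkt["dst"], 1
        elif "S" in pkt["flags"] and c["state"] == 1:    # SYN/ACK coming back from the server
            c["state"] = 2
        elif c["state"] == 2 and pkt["ack"] is not None and pkt["src"] == c["client"]:
            c["handshake"], c["state"] = True, 3         # client's ACK completes the handshake
        if pkt["src"] == c["client"]:                    # bytes not counted if the SYN was missed
            c["to_server"] += pkt["len"]
        elif pkt["src"] == c["server"]:
            c["to_client"] += pkt["len"]
        c["fin"] = c["fin"] or "F" in pkt["flags"]
    return list(conns.values())
```

A connection that shows a completed handshake and bytes to the server but none back is the usual sign that the request reached Apache and the problem lies on the server side.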

On AIX you can ordinarily use iptrace or tcpdump.

On Solaris, we simply use snoop.
snoop -x0 src hostname

Here source is the client and hostname is the server. Other options include port portnum, etc.; see snoop --help or man snoop for more options.

[/example]

[reference]

[tags]Network, Tracing, tcpdump, Linux[/tags]

[/reference]
