Packet analysis with tcpdump
The tcpdump command is a packet analyzer that is able to capture and provide a description of the traffic being transmitted across a network interface. It is common to most flavors of Linux, and it provides access to a unique view of the network at the packet level that can prove vital when troubleshooting the network environment.
The basic syntax for using tcpdump is expressed in the following way:
# tcpdump -i <device_name>
You can also specify a protocol like this:
# tcpdump -i <device_name> tcp
While a port value can be used in the following way:
# tcpdump -i <device_name> port 22
Verbosity options can be issued by using -v or -vv, while DNS can be avoided with the -n option. However, because tcpdump will continue running until the request is cancelled, it is always preferable to use the -c option in order to capture a pre-determined number of events in the following way:
# tcpdump -c 10 -i <device_name>
Taking this one step further, you...
