

TCPdump is a network analyzer utility that can monitor and log TCP/IP traffic passing through the network and the device from which it is executed. TCPdump is open-source and freely available under the BSD license. It is a command-line application and can provide information about packets in several formats depending on the arguments used.

If you are using an RHEL operating system there is a good chance that TCPdump is already installed on your system, so first run the following command (or any TCPdump command) to check whether it is already installed:

tcpdump -D

If you get the following output it means that you don't have TCPdump installed:

-bash: tcpdump: command not found

You can install TCPdump with the command below:

yum install tcpdump

Verify the installation by checking the version:

tcpdump --version

Show Interfaces

Before you can monitor and capture anything you need to know how many interfaces you have and what their names are, so that you can use them to filter and get the desired results. You can get a list of your system's interfaces with the following command:

tcpdump -D

You should see something like the output below, which lists your interfaces, their status, and a brief explanation of what each interface does:

3.any (Pseudo-device that captures on all interfaces)
4.bluetooth-monitor (Bluetooth Linux Monitor)
5.nflog (Linux netfilter log (NFLOG) interface)
6.nfqueue (Linux netfilter queue (NFQUEUE) interface)
7.usbmon0 (Raw USB traffic, all USB buses)
8.usbmon1 (Raw USB traffic, bus number 1)

Using the "-i" argument you can select a specific interface to monitor and capture. For example, start capturing on one of your active interfaces with the command below (we are going to use "eth0", which is my main interface; you should replace it with your interface name):

tcpdump -i eth0

It will capture all packets that hit your interface and print them on your screen; you can stop the process with "Ctrl + c".
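As an added example (not from the original tutorial), the script below ties the two steps together: it parses the interface list that `tcpdump -D` prints, checks that the name you pass really exists, and then runs a capture that stops on its own instead of running until Ctrl+C. The sample `tcpdump -D` output embedded in the script is constructed for the demonstration; the function and file names are my own.

```shell
#!/bin/sh
# Added example: pick a capture interface from "tcpdump -D" output and
# run a bounded capture to a pcap file. Not part of the original tutorial.

# Constructed sample of "tcpdump -D" output, used so the parsing functions
# can be exercised without root or a live tcpdump. Real output has the same
# "<index>.<name> [(description)] [flags]" shape.
SAMPLE_D_OUTPUT='1.eth0 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.bluetooth-monitor (Bluetooth Linux Monitor) [none]'

# Print one interface name per line from "tcpdump -D" style text ($1):
# strip the leading "N." index and keep everything up to the first space.
iface_names() {
    printf '%s\n' "$1" | sed -n 's/^[0-9][0-9]*\.\([^ ]*\).*/\1/p'
}

# Exit 0 if interface $1 appears in the "tcpdump -D" text $2.
iface_exists() {
    iface_names "$2" | grep -qx -- "$1"
}

# Bounded capture on $1: -c stops after $2 packets (default 100),
# -nn skips host/port name lookups so the sniffer itself generates no
# DNS traffic, -w writes raw packets to $3 (default capture.pcap) for
# later analysis instead of printing to the screen. Needs root/CAP_NET_RAW.
bounded_capture() {
    iface=$1; count=${2:-100}; out=${3:-capture.pcap}
    command -v tcpdump >/dev/null 2>&1 || {
        echo "tcpdump is not installed" >&2; return 1; }
    iface_exists "$iface" "$(tcpdump -D 2>/dev/null)" || {
        echo "no such interface: $iface" >&2; return 2; }
    tcpdump -i "$iface" -nn -c "$count" -w "$out"
}

# Usage: sh capture.sh <interface> [count] [outfile]
if [ $# -gt 0 ]; then
    bounded_capture "$@"
fi
```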
