[Wolves] Packet capture and port filtering

Andrew Roberts ar at nooneishere.co.uk
Wed May 12 14:36:06 BST 2004


On Wed, 12 May 2004 13:55:40 +0100 (BST), Adam Sweet <drinky76 at yahoo.com>  
wrote:

> Hi guys, sorry to be all amateur in the face of some
> very experienced heads, but I've just been asked to
> sniff our network and filter it for traffic on a
> specific port.

tcpdump -w dumpfile will dump the packets into a file for later
analysis. It is then possible to use tcpdump -r to read the file
back in and filter/extract data from the packets.

It is worth noting that if your network is connected using switches
rather than hubs, you won't be able to sniff all of the network
traffic. Only traffic that is routed via/destined for or originating
from the local machine will be dumped.

Regards,
-- 
Andrew Roberts                              ASCII ribbon campaign /"\
ar AT nooneishere.co.uk                      - against HTML email \ /
                                               http://arc.pasp.de/  X
================================================================= / \
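
What reading a dump file back and filtering it for one port involves, as an added example that is not part of the original message: a Python reader for the classic libpcap file format that tcpdump -w writes, limited to Ethernet/IPv4 carrying TCP or UDP. The function names and the three-packet sample capture are constructed for illustration.

```python
import struct

def read_pcap(data):
    """Yield raw frames from a classic libpcap file (the format tcpdump -w writes)."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != 1:
        raise ValueError("only Ethernet (linktype 1) handled here")
    off = 24                  # per-packet records follow the 24-byte global header
    while off + 16 <= len(data):
        _sec, _usec, caplen, _origlen = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield data[off:off + caplen]
        off += caplen

def match_port(frame, port):
    """Return (proto, sport, dport) if the frame is IPv4 TCP/UDP on `port`, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    ihl = (frame[14] & 0x0F) * 4                          # IP header length in bytes
    proto = frame[23]
    frag = struct.unpack("!H", frame[20:22])[0] & 0x1FFF  # later fragments carry no ports
    if proto not in (6, 17) or frag != 0 or len(frame) < 14 + ihl + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[14 + ihl:14 + ihl + 4])
    if port in (sport, dport):
        return ("tcp" if proto == 6 else "udp", sport, dport)
    return None

def filter_capture(data, port):
    """List every packet in the capture with `port` as source or destination."""
    return [m for m in (match_port(f, port) for f in read_pcap(data)) if m]

def sample_capture():
    """Constructed three-packet capture: TCP 40000->80, UDP 5353->53, TCP 80->40000."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for proto, sport, dport in ((6, 40000, 80), (17, 5353, 53), (6, 80, 40000)):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                         bytes([192, 168, 0, 1]), bytes([192, 168, 0, 2]))
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", sport, dport) + bytes(16)
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out
```

Calling filter_capture(sample_capture(), 80) returns both directions of the TCP conversation, because the match is on source or destination port.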


