[Wolves] Packet capture and port filtering
Andrew Roberts
ar at nooneishere.co.uk
Wed May 12 14:36:06 BST 2004
On Wed, 12 May 2004 13:55:40 +0100 (BST), Adam Sweet <drinky76 at yahoo.com>
wrote:
> Hi guys, sorry to be all amateur in the face of some
> very experienced heads, but I've just been asked to
> sniff our network and filter it for traffic on a
> specific port.

tcpdump -w dumpfile will dump the packets into a file for later
analysis. It is then possible to use tcpdump -r to read the file
back in and filter/extract data from the packets.

It is worth noting that if your network is connected using switches
rather than hubs, you won't be able to sniff all of the network
traffic. Only traffic that is routed via/destined for or originating
from the local machine will be dumped.

Regards,
--
Andrew Roberts                            ASCII ribbon campaign   /"\
ar AT nooneishere.co.uk                   - against HTML email    \ /
http://arc.pasp.de/                                                X
================================================================= / \
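
Added example, not part of the original message: a reader for the kind of capture file that tcpdump -w writes (classic pcap, Ethernet link type), keeping only IPv4 TCP/UDP packets whose source or destination port matches, which is the selection a port filter makes when the file is read back. The helper names and the sample packets (documentation addresses 192.0.2.x) are constructed for the illustration.

```python
import struct

def make_frame(proto, sport, dport):
    """Constructed sample packet: Ethernet + IPv4 (no options) + TCP/UDP ports."""
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def build_pcap(frames):
    """Build a little-endian classic pcap image (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in enumerate(frames):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def filter_port(pcap, port):
    """Return (packet number, IP protocol, sport, dport) for matching packets."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # file byte order
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures are handled here")
    hits, off, num = [], 24, 0
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(end + "I", pcap, off + 8)[0]
        pkt = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        num += 1
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                      # truncated, or not IPv4
        l4 = 14 + (pkt[14] & 0x0F) * 4    # honour the IP header length field
        fragment = struct.unpack_from("!H", pkt, 20)[0] & 0x1FFF
        if pkt[23] not in (6, 17) or fragment or len(pkt) < l4 + 4:
            continue                      # not TCP/UDP, or ports not present
        sport, dport = struct.unpack_from("!HH", pkt, l4)
        if port in (sport, dport):
            hits.append((num, pkt[23], sport, dport))
    return hits

# Constructed capture: web request, DNS reply, SSH, web response.
SAMPLE = build_pcap([make_frame(6, 40000, 80), make_frame(17, 53, 40001),
                     make_frame(6, 22, 40002), make_frame(6, 80, 40000)])

if __name__ == "__main__":
    for hit in filter_port(SAMPLE, 80):
        print(hit)
```

To run it against a real capture, pass the bytes of the file, for example filter_port(open("dumpfile", "rb").read(), 80).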