[Wolves] Packet capture and port filtering

James Turner james at turnersoft.co.uk
Wed May 12 20:33:55 BST 2004


On Wednesday 12 May 2004 14:35, Andrew Roberts wrote:

> tcpdump -w dumpfile will dump the packets into a file for later
> analysis. It is then possible to use tcpdump -r to read the file
> back in and filter/extract data from the packets.

You can also load tcpdump files into Ethereal for later analysis.

> It is worth noting that if your network is connected using switches
> rather than hubs, you won't be able to sniff all of the network
> traffic. Only traffic that is routed via/destined for or originating
> from the local machine will be dumped.

However, if you have a managed switch that supports it, you can configure port 
mirroring in order to monitor other machines.

James


