inside the mind of a linux admin

tcpdump – dump all the packets

I too always forget the parameters for this and have to look them up in the man page, so:

tcpdump -nnXSs 0 'port 80'

  • “-nn” stops it from looking up hostnames in DNS and service names in /etc/services, for faster and cleaner output respectively.
  • “-X” makes it print each packet in hex and ASCII; that’s really the useful bit for tracking headers and such.
  • “-S” prints absolute rather than relative TCP sequence numbers. If I remember right, this is so you can compare tcpdump outputs from multiple users doing this at once.
  • “-s 0”: by default tcpdump will only capture the beginning of each packet; using 0 here makes it capture the full packets. We are debugging, right?

Instead of “port 80” you can make more complicated rules like “port 80 and host”.
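To show what the “-X” hex column and “-s 0” give you in practice, here is an added example (not part of the original post) that rebuilds the packet bytes from saved tcpdump -X text, pulls out the HTTP headers, and flags packets that were cut short by the snap length. The function names and the sample dump are constructed for illustration, and it assumes IPv4/TCP packets only.

```python
import re

# Constructed sample (not a real capture; checksums zeroed): one packet as
# printed by `tcpdump -nnXSs 0 'port 80'`. -X output starts at the IP header.
SAMPLE = """\
12:00:00.000000 IP 192.0.2.10.51000 > 192.0.2.20.80: Flags [P.], seq 1000:1038, ack 2000, win 502, length 38
\t0x0000:  4500 004e 1234 4000 4006 0000 c000 020a  E..N.4@.@.......
\t0x0010:  c000 0214 c738 0050 0000 03e8 0000 07d0  .....8.P........
\t0x0020:  5018 01f6 0000 0000 4745 5420 2f20 4854  P.......GET./.HT
\t0x0030:  5450 2f31 2e31 0d0a 486f 7374 3a20 6578  TP/1.1..Host:.ex
\t0x0040:  616d 706c 652e 7465 7374 0d0a 0d0a       ample.test....
"""
# Offset, then the hex column, which ends at two spaces before the ASCII column
HEX_LINE = re.compile(r"^\s+0x[0-9a-f]{4}:\s+([0-9a-f ]+?)(?:\s{2,}|$)")

def packets(text):
    """Return the raw bytes of each packet; a non-hex line starts a new one."""
    out = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m and out:
            out[-1] += bytes.fromhex(m.group(1).replace(" ", ""))
        elif not m and line.strip():
            out.append(b"")
    return out

def tcp_payload(ip):
    """Return (payload, truncated) for IPv4/TCP packet bytes, else None."""
    if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 6:
        return None
    ihl = (ip[0] & 0x0F) * 4                 # IP header length in bytes
    total = int.from_bytes(ip[2:4], "big")   # IP total length field
    if len(ip) < ihl + 20:
        return None                          # TCP header itself was cut off
    doff = (ip[ihl + 12] >> 4) * 4           # TCP header length in bytes
    return ip[ihl + doff:total], len(ip) < total  # True: snaplen cut the packet

def http_headers(text):
    """Return [(first line, {header: value}, truncated)] per packet with data."""
    found = []
    for raw in packets(text):
        res = tcp_payload(raw)
        if not res or not res[0]:
            continue
        head = res[0].split(b"\r\n\r\n", 1)[0].decode("latin-1")
        first, *rest = head.split("\r\n")
        hdrs = dict(l.split(": ", 1) for l in rest if ": " in l)
        found.append((first, hdrs, res[1]))
    return found
```
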
