TCPDump
TCPDump is an open-source command-line program for capturing network traffic. As with any eavesdropping software, you must already have a ‘listener’ in place. This could be:
A wireless listener
A wiretap
Port mirroring (on a switch)
etc.
Port Data
sudo tcpdump -A port [portnumber]
You need root privileges (hence sudo) to capture packets.
-A prints the contents of each packet in ASCII.
Interface Data
sudo tcpdump -vv -n -e -i [interface]
This will dump all the data on the interface.
-vv : very verbose output
-n : don't look up DNS (just show the IP)
-e : show the Ethernet MAC addresses
-i : which interface to use
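
As an added example (not part of the original page), the shell functions below turn the text output of the interface capture above into source MAC / source IP pairs, which is what -n and -e make readable, and list any IP seen with more than one MAC. The function names and sample lines are constructed for illustration, and the parser assumes tcpdump's default timestamp format and IPv4 traffic.

```shell
#!/bin/sh
# Added example: turn tcpdump -n -e text output into source MAC / source IP pairs.
# Assumes the default timestamp format and IPv4 traffic; other frames are skipped.
# Live use: sudo tcpdump -l -n -e -i [interface] | mac_ip_pairs

# Print each unique "src_mac src_ip" pair found on stdin.
# With -v/-vv the addresses sit on an indented continuation line, so the MAC
# from the header line is remembered until the address line arrives.
mac_ip_pairs() {
  awk '
    # Header: "<time> <src mac> > <dst mac>, ethertype IPv4 (0x0800), ..."
    $3 == ">" && $5 == "ethertype" { mac = ($6 == "IPv4") ? $2 : "" }
    mac != "" {
      for (i = 1; i < NF; i++) {
        # The source is the "a.b.c.d.port" (or bare "a.b.c.d") token before ">"
        if ($(i + 1) == ">" && $i ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\.[0-9]+)?$/) {
          ip = $i
          if (split(ip, part, ".") == 5) sub(/\.[0-9]+$/, "", ip)  # drop the port
          if (!seen[mac " " ip]++) print mac, ip
          mac = ""
          break
        }
      }
    }
  '
}

# Print each source IP seen with more than one source MAC (worth a closer look).
ips_with_multiple_macs() {
  mac_ip_pairs | awk '{ n[$2]++ } END { for (ip in n) if (n[ip] > 1) print ip }' | sort
}

# Constructed sample lines in tcpdump -n -e format (not a real capture).
sample_capture() {
  cat <<'EOF'
12:00:00.000001 00:11:22:33:44:55 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 74: 192.0.2.10.54321 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000450 66:77:88:99:aa:bb > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.7.80 > 192.0.2.10.54321: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.000002 00:11:22:33:44:55 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 192.0.2.1 tell 192.0.2.10, length 28
12:00:02.000003 de:ad:be:ef:00:01 > 66:77:88:99:aa:bb, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto ICMP (1), length 84)
    192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
EOF
}

sample_capture | mac_ip_pairs
```

Traffic arriving through a router carries the router's MAC as its source, so the pairs are only meaningful for hosts on the local segment.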