A chronological documentation test project, nothing serious, really!

17 Sep 2008 Listen to network traffic using tcpdump


Please note that you have to be the root user to use this command because it puts the network card in promiscuous mode.

# tcpdump -i eth0 -A -s 0 udp port 1514 and host <your-host-IP>

The example command above listens on UDP port 1514, the port ossec-hids uses for its secure communication between server and agent.

-i Listen on interface.
-A Print each packet (minus its link level header) in ASCII.
-s Snarf snaplen bytes of data from each packet rather than the default of 68 (with SunOS’s NIT, the minimum is actually 96). Setting snaplen to 0 means use the required length to catch whole packets.
udp - Listen to UDP traffic.
port - The port you want to listen to.
host - Your host IP address.
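
A small wrapper around the command above, as an added example that is not part of the original post: it validates the port and host before building the filter, so a value pasted from a ticket or config file cannot change the capture expression. The function names and the sample address 192.0.2.10 are constructed, and -n (skip DNS lookups) is an addition to the post's options.

```sh
#!/bin/sh
# Added example: build the post's tcpdump filter from validated input.
# Function names and the address 192.0.2.10 are constructed for illustration.

# Succeed only for a dotted-quad IPv4 address with every octet in 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1              # split on dots; input holds only digits and dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Succeed only for a decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print the filter expression from the post for one port and one host.
ossec_filter() {
    valid_port "$1" || { echo "bad port: $1" >&2; return 1; }
    valid_ipv4 "$2" || { echo "bad host: $2" >&2; return 1; }
    printf 'udp port %s and host %s\n' "$1" "$2"
}

# Run the capture (needs root): interface, port, host.
# -i, -A and -s 0 are the post's options; -n is added to skip DNS lookups.
capture_ossec() {
    filter=$(ossec_filter "$2" "$3") || return 1
    tcpdump -n -i "$1" -A -s 0 "$filter"
}

# Usage (as root): capture_ossec eth0 1514 192.0.2.10
```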

