Tracing Packets on the Network

A number of tools are available that can examine and analyze the IP packets as they cross the network. If you just want to watch individual packets in real time, tcpdump is a command-line tool that prints the packet information to the console.

# tcpdump -i eth0

14:38:46.044397 arp who-has tell

14:38:46.044409 arp reply is-at 00:06:5b:57:9f:d1 (oui Unknown)

14:38:49.252742 IP snark.32933 > 55031+ A? (42)

14:38:49.253611 IP > snark.32933:

55031* 1/1/1 A[|domain] 14:38:49.254519 arp who-has tell snark

14:38:49.258581 arp reply is-at 00:00:1c:b5:5a:58 (oui Unknown)

14:38:49.258592 IP snark > ICMP echo request, id 5663, seq 1, length 64 14:38:49.262890 IP > snark: ICMP echo reply, id 5663, seq 1, length 64 14:38:50.253171 IP snark > ICMP echo request, id 5663, seq 2, length 64 9 packets captured 9 packets received by filter 0 packets dropped by kernel

You can save the output to a file for future analysis.

Wireshark (previously called Ethereal) is a very powerful graphical tool for network sniffing and analysis. It can filter packets according to multiple criteria, and can reassemble a particular network connection so that the data within it is visible (see Figure 15-1).

Was this article helpful?

0 0

Post a comment