A number of tools are available that can examine and analyze the IP packets as they cross the network. If you just want to watch individual packets in real time, tcpdump is a command-line tool that prints the packet information to the console.
# tcpdump -i eth0
14:38:46.044397 arp who-has flamingo.disruptive.org.uk tell rogerwhittaker.disruptive.org.uk
14:38:46.044409 arp reply flamingo.disruptive.org.uk is-at 00:06:5b:57:9f:d1 (oui Unknown)
14:38:49.252742 IP snark.32933 > rogerwhittaker.disruptive.org.uk.domain: 55031+ A? hatter.disruptive.org.uk. (42)
14:38:49.253611 IP rogerwhittaker.disruptive.org.uk.domain > snark.32933:
55031* 1/1/1 A[|domain] 14:38:49.254519 arp who-has tester.disruptive.org.uk tell snark
14:38:49.258581 arp reply tester.disruptive.org.uk is-at 00:00:1c:b5:5a:58 (oui Unknown)
14:38:49.258592 IP snark > tester.disruptive.org.uk: ICMP echo request, id 5663, seq 1, length 64 14:38:49.262890 IP tester.disruptive.org.uk > snark: ICMP echo reply, id 5663, seq 1, length 64 14:38:50.253171 IP snark > tester.disruptive.org.uk: ICMP echo request, id 5663, seq 2, length 64 9 packets captured 9 packets received by filter 0 packets dropped by kernel
You can save the output to a file for future analysis.
Wireshark (previously called Ethereal) is a very powerful graphical tool for network sniffing and analysis. It can filter packets according to multiple criteria, and can reassemble a particular network connection so that the data within it is visible (see Figure 15-1).
Was this article helpful?