tcpdump

Your traffic is never safe when someone has access to your network.

tcpdump lets a network admin examine traffic as it is happening; it is normally used to diagnose problems.

tcpdump -i eth0 -l -t -A -q -s 0 "port smtp" and host 'xxx.xxx.xxx.xxx'

Lets me examine email traffic on the fly to see what is going on.

tcpdump -i eth0 -l -t -A -q -s 0 "port smtp" and host 'xxx.xxx.xxx.xxx'|grep "From:"

Lets me examine email traffic on the fly to see what is going on and where emails are coming from (the sender name). Useful if I am trying to track spam outbreaks.
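
The sender tally that the grep "From:" command above is used for, as an added example that is not part of the original post. The shell function count_senders is a hypothetical helper that reads tcpdump -A text on stdin and counts messages per From: address; sample_capture is constructed input, not a real capture.

```shell
#!/bin/sh
# Added example: tally the sender addresses seen in "tcpdump -A" SMTP output.
# count_senders and sample_capture are hypothetical names used for illustration.

# Reads tcpdump -A text on stdin, prints "count address", busiest sender first.
count_senders() {
    awk '
        { sub(/\r$/, "") }                    # SMTP lines end in CRLF
        match($0, /From:/) {                  # same unanchored match as the grep:
            # with -A the first payload line of a packet follows header bytes
            rest = substr($0, RSTART + RLENGTH)
            if (match(rest, /[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+/)) {
                # drop the display name, fold case so one sender counts once
                n[tolower(substr(rest, RSTART, RLENGTH))]++
            }
        }
        END { for (a in n) print n[a], a }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample shaped like "tcpdump -t -q -A" output (documentation
# addresses only). Every line gets CRLF here for simplicity.
sample_capture() {
    printf '%s\r\n' \
        'IP 192.0.2.10.40112 > 198.51.100.5.25: tcp 96' \
        'E..`..@.@.....P.From: "Promo" <Bulk@Sender.example>' \
        'Subject: offer 1' \
        'IP 192.0.2.10.40113 > 198.51.100.5.25: tcp 90' \
        'From: bulk@sender.example' \
        'IP 192.0.2.77.51200 > 198.51.100.5.25: tcp 80' \
        'From: Alice <alice@corp.example>' \
        'To: bob@corp.example'
}

# Offline run on the constructed sample:
#   sample_capture | count_senders
# Live run on the mail server (needs root), bounded so the tally prints:
#   tcpdump -i eth0 -l -t -A -q -s 0 -c 2000 "port smtp" and host 'xxx.xxx.xxx.xxx' | count_senders
```

The tally only prints once tcpdump exits, so the live command adds -c with a packet count; stopping an unbounded capture with Ctrl-C interrupts awk as well and prints nothing.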

tcpdump -pnvi eth0 host xxx.xxx.xxx.xxx and port 80

This is my stock standard default command to look at traffic from/to one IP address for just one port.

About howlmc

50 something geek, who has owned way too many computers.