This week I rediscovered tcpdump. Like Wireshark, this command displays your network traffic. Unlike Wireshark, it’s a shell command and is therefore a more convenient choice for server admins who rely on ssh.
The easiest way to use tcpdump is to just run sudo tcpdump from your terminal. Depending on your current traffic, it will flood your screen with every packet going out or coming in.
To see what’s in those packets you can use
sudo tcpdump -A port 25 or port 587
This will show you what’s going on when you send an e-mail from your local machine (SMTP on port 25, submission on port 587).
Another interesting use case is analyzing web logins:
sudo tcpdump -A dst host runnable.com
- visit a dummy login I’ve made on runnable.com
- submit random data
- watch your tcpdump output
- see why it’s a good idea to use SSL
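As an added example (not from the original post): a POSIX shell function that reads tcpdump -A output and flags form submissions that carry a password-like field in cleartext, printing only the destination and the field names, never the values. The sample capture text embedded below is constructed to look like tcpdump -A output; it is not real traffic, and the addresses and field names are made up.

```shell
#!/bin/sh
# Constructed sample of what `tcpdump -A` prints for an HTTP POST on port 80,
# followed by a TLS packet on port 443 whose payload is unreadable (made-up data).
SAMPLE='12:00:01.000001 IP 192.0.2.10.51234 > 198.51.100.5.80: Flags [P.], seq 1:301, ack 1, win 502, length 300
E..J..@.@.....
POST /login HTTP/1.1
Host: example.test
Content-Type: application/x-www-form-urlencoded
Content-Length: 33

username=alice&password=hunter2&remember=1
12:00:02.000001 IP 192.0.2.10.51236 > 198.51.100.5.443: Flags [P.], seq 1:201, ack 1, win 502, length 200
....Q.....k{..3.....'

flag_cleartext_logins() {
    # Reads `tcpdump -A` text on stdin. Each packet header line yields the
    # destination host:port; any urlencoded body that contains a password-like
    # field is reported with that destination and the field names only.
    awk '
        /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9]+ IP / {
            dst = $5; sub(/:$/, "", dst); next
        }
        /(^|&)(password|passwd|pwd|pass)=/ {
            n = split($0, kv, "&"); names = ""
            for (i = 1; i <= n; i++) {
                split(kv[i], p, "=")
                names = names (i > 1 ? "," : "") p[1]
            }
            print "CLEARTEXT_LOGIN dst=" dst " fields=" names
        }
    '
}

# Runs the detector over the constructed sample; in practice you would pipe
# `sudo tcpdump -A -l port 80` into flag_cleartext_logins instead.
scan_sample() {
    printf '%s\n' "$SAMPLE" | flag_cleartext_logins
}

scan_sample
```

Only the port-80 POST is reported; the port-443 payload is ciphertext and contains no readable form fields, which is the point the list above makes about SSL.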
Of course you can do much more with this tool, and luckily there is a lot of documentation out there. Some interesting links: