Capture network traffic to and from your PC

Having a Linux distro (Ubuntu in my case) makes it easier to monitor traffic inbound to and outbound from my PC, and also from other PCs connected to my network. There are applications that do this for you in a graphical user interface, but I like to do it the geeky way.

There are applications such as Wireshark and Ethereal, but the one I suggest is TCPDump.

TCPDump comes pre-installed on your Ubuntu machine, so you use it from your terminal: just type tcpdump and it starts capturing traffic (the # prompt in the commands below means they are run as root).

You have to know which interfaces are up and running on your PC/laptop. To find out, just run # tcpdump -D, which lists the Ethernet connection, wireless connection, loopback, and "any". Normally, if you are not using wireless, choose the Ethernet interface, which is eth0 or eth1 depending on how many network cards the PC has.

You can give it some options and filters, such as # tcpdump -c 10 -i eth0, which captures only 10 packets (-c is the packet count, -i the interface).

If you have many people on your network and you know their IP addresses, and somehow you got nosy and wanted to see what websites they are visiting, just run tcpdump with a filter that captures traffic from their specific IP address. For example, if their IP address was 192.168.0.4 you would type # tcpdump -i eth0 src 192.168.0.4 and slowly you will see their traffic.

You can also save your captured traffic to a file that you can retrieve later: just run # tcpdump -w 1st.pcap -i eth0. Here -w means write, 1st.pcap is your capture file and -i eth0 is the interface you are capturing from (read the file back later with # tcpdump -r 1st.pcap).
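The file that -w writes is a classic pcap file, and the src filter above is just a comparison on one field of each packet. As an added example that is not from the post, here is a small Python reader that walks a tcpdump-style pcap, pulls each frame's IPv4 source address and counts the packets from one host, which is handy for checking a saved capture offline without rerunning tcpdump; the function names (iter_frames, ipv4_src, count_from) and the sample capture are my own, and the capture is constructed rather than recorded.

```python
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4   # tcpdump -w writes this in the host's byte order
LINKTYPE_ETHERNET = 1     # link type recorded for a capture on eth0
ETHERTYPE_IPV4 = 0x0800

def iter_frames(data):
    """Yield each captured frame from a classic pcap file (the format tcpdump -w writes)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    end = "<" if data[:4] == struct.pack("<I", PCAP_MAGIC) else ">"
    if data[:4] != struct.pack(end + "I", PCAP_MAGIC):
        raise ValueError("not a classic pcap file (bad magic)")
    linktype = struct.unpack(end + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:  # file cut short, e.g. tcpdump killed mid-write
            break
        off += incl_len
        yield frame

def ipv4_src(frame):
    """IPv4 source address of an Ethernet frame, or None if it is not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    if frame[14] >> 4 != 4:   # first nibble of the IP header is the version
        return None
    return str(IPv4Address(frame[26:30]))   # Ethernet header (14) + src offset (12)

def count_from(data, src):
    """Frames whose IPv4 source is src: the same field tcpdump's `src` filter tests."""
    return sum(1 for f in iter_frames(data) if ipv4_src(f) == src)

# Constructed sample capture (not a real recording): three IPv4/UDP frames.
def _frame(src, dst):
    eth = bytes(12) + struct.pack("!H", ETHERTYPE_IPV4)   # dst MAC, src MAC, ethertype
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return eth + ip + bytes(8)   # 8 zero bytes stand in for a UDP header
def _record(frame):
    return struct.pack("<IIII", 1700000000, 0, len(frame), len(frame)) + frame
SAMPLE_PCAP = (struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
               + _record(_frame("192.168.0.4", "192.168.0.1"))
               + _record(_frame("192.168.0.7", "192.168.0.1"))
               + _record(_frame("192.168.0.4", "192.168.0.9")))
```

Pass the bytes of a real 1st.pcap to count_from to get the same count the src filter would have produced live.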

You should try it out, it's fun. Get more info from the TCPdump site: www.tcpdump.org/
