20. tcpdump, ngrep and ethereal

tcpdump and ethereal are network traffic analysis tools; the former is a rough-and-ready command-line utility, while the latter has a GUI and can in addition analyse many protocols.

20.1. tcpdump

tcpdump prints out the headers of packets on a given network interface which match the given boolean expression.

Some examples:

    tcpdump -i hme0
        # print all packet headers arriving at or leaving interface hme0

    tcpdump talby.csu.umist.ac.uk
        # print all packet headers arriving from or leaving for talby
        # on the default interface

    tcpdump 'tcp port 80'
        # print tcp traffic on local port 80

    tcpdump 'host not talby.csu.man.ac.uk'
        # print everything except packets to/from talby

20.2. Ethereal

Ethereal is like tcpdump with a GUI and (more importantly) a protocol analyser — tcpdump on steroids.

20.3. ngrep

From the home page:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool [cf. tcpdump] that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes TCP, UDP, ICMP... and understands bpf filter logic in the same fashion as... tcpdump....

Examples:

    ngrep -d any port 25
        # ...listen on any device (-d any) and print payloads of traffic
        #    on src/dest port 25

    ngrep -i -d any 'error' port syslog
        # ...monitor SysLog traffic (port 514) for the string "error" 
        #    (case-insensitive)

    ngrep -wi -d any 'user|pass' port 21
        # ...traffic on src/dest port 21, look (case-insensitive) for 
        #    "user" and "pass" as word-expressions (must have non-alphanumeric
        #    delimiting characters) --- sniff out credentials
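
The last two examples hinge on what -i and -w do to the match. The following is an added illustration, not code from the original page or from ngrep itself: it approximates ngrep's payload matching (case-insensitive, word-delimited, restricted to a 'port N' filter) over a small constructed set of packets, so you can see which FTP lines a 'user|pass' search picks up with and without -w. Packet, SAMPLE_PACKETS and ngrep_match are assumed names for this example.

```python
import re
from dataclasses import dataclass

@dataclass
class Packet:
    src_port: int
    dst_port: int
    payload: bytes

# Constructed sample traffic (not a real capture): an FTP login on port 21
# plus packets the filter or the word match should leave alone.
SAMPLE_PACKETS = [
    Packet(21, 40001, b"220 ftp.example.com FTP server ready\r\n"),
    Packet(40001, 21, b"USER alice\r\n"),
    Packet(40001, 21, b"PASS s3cret\r\n"),
    Packet(40001, 21, b"STAT username\r\n"),                # 'user' inside a longer word
    Packet(40002, 80, b"GET /login?user=bob HTTP/1.0\r\n"),  # not port 21
]

def ngrep_match(packets, pattern, port=None, ignore_case=False, word=False):
    """Return the packets whose payload matches `pattern`, approximating
    ngrep's -i (case-insensitive) and -w (word-regex) switches together with
    a 'port N' bpf filter, which matches on either the src or the dst port."""
    flags = re.IGNORECASE if ignore_case else 0
    if word:
        # -w: the expression must be bounded by non-alphanumeric characters
        # (or by the start/end of the payload); lookarounds model that here.
        pattern = r"(?<![A-Za-z0-9])(?:%s)(?![A-Za-z0-9])" % pattern
    regex = re.compile(pattern.encode(), flags)
    hits = []
    for pkt in packets:
        if port is not None and port not in (pkt.src_port, pkt.dst_port):
            continue
        if regex.search(pkt.payload):
            hits.append(pkt)
    return hits

def matching_payloads(packets, pattern, **opts):
    """Convenience wrapper returning just the payloads that matched."""
    return [p.payload for p in ngrep_match(packets, pattern, **opts)]

if __name__ == "__main__":
    # Rough equivalent of:  ngrep -wi -d any 'user|pass' port 21
    for p in ngrep_match(SAMPLE_PACKETS, "user|pass", port=21,
                         ignore_case=True, word=True):
        print("T :%d -> :%d  %r" % (p.src_port, p.dst_port, p.payload))
```

Without -w the "STAT username" line is also reported, which is the kind of false positive the word-delimiter option exists to suppress.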

About this document:

Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple