tcpdump is used to capture traffic for analysis.
General Usage
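The parts of the command below are, in order: the interface to capture on (`-i`), the port to filter on (optionally preceded by a protocol such as `udp`), and the file to save the capture to (`-w`):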
`tcpdump -i eth0 [udp] port 8096 -w /tmp/collectd-0001.pcap`
Download the capture file locally and open it with Wireshark.
To search: Edit -> Find Packet -> String
To copy: right-click -> Copy -> ...as Printable Text
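# Capture directory-service traffic on every interface of the IPA server:
# LDAP (389), LDAPS (636), Kerberos (88), kpasswd (464), HTTP (80), HTTPS (443).
# The capture holds whatever crossed those ports, including anything sent
# unencrypted on 389 or 80, so treat the .pcap as sensitive: keep it readable
# only by the people who need it and delete it from /tmp once it is copied.
tcpdump -i any port 389 or port 636 or port 88 or port 464 or port 80 or port 443 -w /tmp/ipa5-server-traffic.pcap

# Pull the capture down to the workstation for offline analysis.
rsync ipa5.infra.example.net:/tmp/ipa5-server-traffic.pcap ~/Downloads/

# Build a de-duplicated list of every IPv4 address seen as source or destination.
# Each output field needs its own -e; a bare trailing "ip.src" is read by tshark
# as a filter expression, not as a second column. -Y ip keeps IPv4 packets only,
# so no empty lines end up in the list. Fields are tab-separated and repeated
# occurrences comma-separated, hence the tr to get one address per line.
tshark -r ~/Downloads/ipa5-server-traffic.pcap -Y ip -T fields -e ip.dst -e ip.src \
  | tr '\t,' '\n\n' \
  | sort -u > ip_list.txt

# Look each address up in the external zone file.
# -F matches the dots literally and -w stops 10.0.0.1 from also matching
# 10.0.0.10; an empty pattern would match every line, so blank entries are skipped.
while IFS= read -r p; do
  [ -n "$p" ] || continue
  grep -wF -- "$p" ../named/zones/external.example.net
done < ip_list.txt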