Difference between revisions of "Monitor Network Traffic with Tcpick"
Jump to navigation
Jump to search
(Created page with 'Tcpick is a very nice toool to monior network traffic on LAN.<br> It shows all packets in realtime colorized format. It is easier for the eyes compared to tcpdump.<br> Install ...') |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
Tcpick is a very nice toool to monior network traffic on LAN.<br> | Tcpick is a very nice toool to monior network traffic on LAN.<br> | ||
It shows all packets in realtime colorized format. It is easier for the eyes compared to tcpdump.<br> | It shows all packets in realtime colorized format. It is easier for the eyes compared to tcpdump.<br> | ||
Install tcpick:<br> | Install tcpick:<br> | ||
<pre>apt-get install tcpick | <pre>apt-get install tcpick | ||
</pre> | </pre> | ||
Look for port 80 traffic:<br> | Look for port 80 HTTP traffic:<br> | ||
<pre>tcpick -i br0 -C -yP -h "port 80" | <pre>tcpick -i br0 -C -yP -h "port 80" | ||
</pre> | </pre> | ||
Look for port 25 SMTP traffic:<br> | Look for port 25 SMTP traffic:<br> | ||
<pre>tcpick -i br0 -C -yP -h "port 25" | <pre>tcpick -i br0 -C -yP -h "port 25" | ||
</pre> | </pre> | ||
Look for MSN Traffic:<br> | Look for MSN Traffic:<br> | ||
<pre>tcpick -i br0 -C -yP -h "port 1863" | <pre>tcpick -i br0 -C -yP -h "port 1863" | ||
</pre> | </pre> | ||
Filter one specific host to look for and log the output in realtime:<br> | Filter one specific host to look for and log the output in realtime: (You can also use >> instead of the tee command)<br> | ||
<pre>tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt | <pre>tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt | ||
</pre> | </pre> | ||
Filter one specific host to look for and log the output in background (beware logs can take large space)<br> | Filter one specific host to look for and log the output in background (beware logs can take large space):<br> | ||
<pre>tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt nohup & | <pre>tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt nohup & | ||
</pre> | </pre> | ||
To stop | To stop: | ||
<pre>killall tcpick | <pre>killall tcpick | ||
</pre> | </pre> | ||
Latest revision as of 14:16, 25 December 2010
Tcpick is a very nice toool to monior network traffic on LAN.
It shows all packets in realtime colorized format. It is easier for the eyes compared to tcpdump.
Install tcpick:
apt-get install tcpick
Look for port 80 HTTP traffic:
tcpick -i br0 -C -yP -h "port 80"
Look for port 25 SMTP traffic:
tcpick -i br0 -C -yP -h "port 25"
Look for MSN Traffic:
tcpick -i br0 -C -yP -h "port 1863"
Filter one specific host to look for and log the output in realtime: (You can also use >> instead of the tee command)
tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt
Filter one specific host to look for and log the output in background (beware logs can take large space):
tcpick -i br0 -C -yP -h "port 1863" "host 192.168.10.68" | tee /tmp/messenlog_host_192.168.10.68.txt nohup &
To stop:
killall tcpick