Tcpdump
Tcpdump is native to Linux and does not run on Windows systems. It is installed by default on a large number of Linux/UNIX systems, and because it is so widely used there is a wealth of support information and articles on the Internet on how to use it. Its syntax and usage are nearly identical to those of WinDump, which we have already discussed, so what we will do here is demonstrate how to install tcpdump on a Linux system if you find it isn't already installed.
In order to install the tcpdump package, obtain or locate the appropriate package file for your distribution. Different distributions may have packages specific to their configuration, or a given distribution may not support the newest version of a piece of software. Then enter the following command to install tcpdump (in this example, version 3.9.4-1):
rpm -i tcpdump-3.9.4-1.i586.rpm
If the installation is successful, you should see output similar to the following:
Preparing...        ######################################## [100%]
   1: tcpdump-3.9.4-1 ######################################## [100%]
To uninstall the package you must use the package name, which is not the same as the name of the RPM file. To uninstall tcpdump 3.9.4-1, enter the following command, using the -e switch for erase:
rpm -e tcpdump-3.9.4-1
We hope that by this point you have some idea of the troubleshooting power a sniffer can provide. You might wonder why you wouldn't just put Wireshark on every system in case a troubleshooting issue comes up. Consider that if a hacker manages to gain access to one of your systems, a network sniffer can be an indispensable information-gathering tool for the hacker. If you provide a pre-installed and configured sniffer for the hacker to use, you might make the hacker's job a lot easier. On top of that, installing additional software on production systems is generally something you want to minimize if at all possible. Although the WinPcap driver install has been very dependable for a while now (which wasn't always the case), installing network drivers always carries the risk of disrupting network communications if something goes wrong. These are two very compelling reasons for using ngSniff or a comparable GUI-based sniffer that does not need to be installed on the system. In most cases these sniffers that use Windows raw sockets can be run from a pen drive or from a CD-ROM, or even run from a mapped network drive.
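The two points above fit together in one small script: rpm -e wants the package name rather than the RPM file name, and a production host should not carry sniffer packages it does not need. The following is an added shell example, not code from the tutorial; the list of sniffer package names and the architecture suffixes it strips are assumptions.

```shell
#!/bin/sh
# Added example: derive the rpm package name from an RPM file name and
# audit a host for sniffer packages that should not be left installed.

# tcpdump-3.9.4-1.i586.rpm -> tcpdump-3.9.4-1
# Strips a known architecture tag plus ".rpm"; an unknown tag is left as-is
# so the caller notices rather than getting a wrong name. (Tag list assumed.)
rpm_pkg_name() {
    basename "$1" | sed -E 's/\.(i[3-6]86|x86_64|noarch|aarch64|ppc64le|s390x)\.rpm$//'
}

# Query rpm for each package name given. Prints one line per package and
# returns 0 when none are installed, 1 when at least one is, 2 without rpm.
audit_sniffers() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not available on this host"; return 2; }
    found=0
    for p in "$@"; do
        if rpm -q "$p" >/dev/null 2>&1; then
            echo "$p: installed ($(rpm -q "$p"))"
            found=1
        else
            echo "$p: absent"
        fi
    done
    return $found
}

# Package names to look for are an assumption; adjust to your distribution.
if audit_sniffers tcpdump wireshark tshark; then
    echo "ok: no sniffer packages installed"
else
    echo "warning: sniffer package(s) installed, or rpm unavailable"
fi
```

Pair the audit with the removal the section shows: feed the name printed for an installed package to rpm -e once troubleshooting is done.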