Network sniffing on Linux

Problem

Just what the hell is your Apache web server doing!! 🙂

Seeing how clients connect to servers, and what data passes between them, can prove invaluable in finding the solutions to issues.



Solution

Take a network trace of it, showing the headers and content being sent and received.



Example



tcpdump -vvv -A -XX host 10.0.0.8 and port 80

Just replace 10.0.0.8 with your client's IP address.

tcpdump -c 50 port 80
tcpdump: listening on eth0
00:43:09.262942 10.0.0.8.1288 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > 10.0.0.8.1288: S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 10.0.0.8.1288 > bree.http: . ack 1 win 17520
00:43:09.268591 10.0.0.8.1288 > bree.http: P 1:493(492) ack 1 win 17520
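The trace above can also be pulled apart programmatically. The following is an added example, not code from the original post: a small Python parser for this classic tcpdump line format, run over the four lines above, that checks the three-way handshake completed and counts payload bytes in each direction (here the client has sent a 492-byte request and the server has not yet replied).

```python
import re
from dataclasses import dataclass
from typing import Optional

# Classic tcpdump line format, as in the trace above:
#   <time> <src>.<port> > <dst>.<port>: <flags> [<seq>:<end>(<len>)] [ack <n>] [win <n>] [(DF)]
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+)"
    r"(?: (?P<seq>\d+):(?P<end>\d+)\((?P<len>\d+)\))?(?: ack (?P<ack>\d+))?(?: win (?P<win>\d+))?"
)

@dataclass
class Packet:
    ts: str
    src: str            # "host:port" of the sender
    dst: str            # "host:port" of the receiver
    flags: str          # S = SYN, . = no flags (plain ACK), P = PUSH, F = FIN, R = RST
    length: int         # payload bytes carried by this segment
    ack: Optional[int]  # acknowledgement number, if present

def _endpoint(ep: str) -> str:
    # "10.0.0.8.1288" -> "10.0.0.8:1288"; "bree.http" -> "bree:http"
    host, _, port = ep.rpartition(".")
    return f"{host}:{port}"

def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump line; None for non-packet lines such as 'listening on eth0'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Packet(m["ts"], _endpoint(m["src"]), _endpoint(m["dst"]), m["flags"],
                  int(m["len"] or 0), int(m["ack"]) if m["ack"] else None)

def summarize(text: str) -> dict:
    """Check the three-way handshake and count payload bytes in each direction."""
    pkts = [p for p in map(parse_line, text.splitlines()) if p]
    payload = {}
    for p in pkts:
        key = f"{p.src} -> {p.dst}"
        payload[key] = payload.get(key, 0) + p.length
    # Handshake: client SYN, server SYN carrying an ack, client plain ACK
    handshake = [p.flags for p in pkts[:3]] == ["S", "S", "."] and pkts[1].ack is not None
    return {"packets": len(pkts), "handshake_ok": handshake, "payload": payload}

# Constructed sample: the banner plus the four packet lines from the trace above.
SAMPLE = """tcpdump: listening on eth0
00:43:09.262942 10.0.0.8.1288 > bree.http: S 2445348839:2445348839(0) win 16384
00:43:09.263069 bree.http > 10.0.0.8.1288: S 3557400364:3557400364(0) ack 2445348840 win 5840 (DF)
00:43:09.265882 10.0.0.8.1288 > bree.http: . ack 1 win 17520
00:43:09.268591 10.0.0.8.1288 > bree.http: P 1:493(492) ack 1 win 17520"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```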

On AIX you can ordinarily use iptrace or tcpdump.

On Solaris, we simply use snoop.
snoop -x0 src hostname

Here src is the client and hostname is the server. Other options include port portnum, etc.; run snoop --help or man snoop for more options.


