Friday, July 17, 2015

Network traffic monitoring with tcpdump



tcpdump is a command-line network traffic analyzer. It captures packets from a host's network interface and lets you filter and display them, either live or from a saved capture.

Sample applications

Show traffic on port 2003 from a given source host (the "port" primitive matches either the source or the destination port; use "dst port 2003" to restrict the capture to traffic destined for that port)

sudo tcpdump -A -nn 'port 2003 and src host 10.60.35.49'

Must run as root (sudo), because capturing from the interface needs raw socket access
-A print each packet's payload as ASCII (use -X for a hex and ASCII dump)
-nn do not resolve host names or port names; print numeric IP addresses and ports

Thursday, July 02, 2015

Snippets


# Sudo a long command line: the whole pipeline is one double-quoted string
# passed to an inner bash, so comments can sit between the stages because
# each stage line ends with a pipe.
sudo bash -c "
# Get 16th field (the backslash keeps | literal for the inner shell)
cut -f16 -d\| /data/sample.csv | 
# Render unicode as ASCII
iconv -f utf8 -t ascii//TRANSLIT | 
# Drop empty lines
sed '/^$/d' | 
# Filter for lines longer than 30 characters
# (\$0 stops the outer shell from expanding \$0 before the inner awk sees it)
awk 'length(\$0) > 30' > /data/sample.out"
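The same commented-pipeline pattern, as an added example that is not from the original post, run without sudo on a small constructed pipe-delimited file so it can be tried as an unprivileged user. The file name, field layout and row contents are made up here; the transliteration stage is skipped automatically if the local iconv does not support ascii//TRANSLIT.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Exercises the "comments inside
# a quoted pipeline" trick on a constructed 16-field sample file.
set -eu

workdir=$(mktemp -d)
sample="$workdir/sample.csv"   # constructed path, not the post's /data/sample.csv

# Pick the unicode-to-ASCII stage: use iconv's //TRANSLIT if this iconv
# supports it, otherwise pass the text through unchanged.
if printf 'x' | iconv -f utf8 -t ascii//TRANSLIT >/dev/null 2>&1; then
  to_ascii='iconv -f utf8 -t ascii//TRANSLIT'
else
  to_ascii='cat'
fi

# Write four constructed rows, each with 15 filler fields and a varying field 16:
#   row 1: long ASCII value          -> kept
#   row 2: empty field 16            -> dropped by sed
#   row 3: short value               -> dropped by awk
#   row 4: long value with accents   -> transliterated (if possible), kept
make_sample() {
  prefix=$(printf 'f%d|' 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15)
  {
    printf '%s%s\n' "$prefix" "this is a long enough ASCII value to pass the filter"
    printf '%s%s\n' "$prefix" ""
    printf '%s%s\n' "$prefix" "short"
    printf '%s%s\n' "$prefix" "résumé café naïve façade déjà vu, long enough too"
  } > "$sample"
}

# Run the post's pipeline over a file given as $1 and print the surviving lines.
# The body is one double-quoted string handed to an inner bash, so the inner
# shell sees the comments (it ignores them) and the pipes at line ends let the
# pipeline continue across those comment lines.
filter_long_values() {
  bash -c "
  # Get 16th field (\| keeps the pipe literal for the inner shell)
  cut -f16 -d\| '$1' |
  # Render unicode as ASCII (stage chosen above; interpolated by the outer shell)
  $to_ascii |
  # Drop empty lines
  sed '/^$/d' |
  # Filter for lines longer than 30 characters (\$0 must be escaped from the outer shell)
  awk 'length(\$0) > 30'
  "
}

# Count how many lines survive the pipeline for file $1.
count_long_values() {
  filter_long_values "$1" | wc -l | tr -d ' '
}

make_sample
filter_long_values "$sample"
```

The exact text of the accented row after transliteration depends on the iconv implementation and the current locale (glibc may emit "?" for characters it cannot map in the C locale), which is why the checks below only look at the line count and the ASCII content that is stable across systems.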