18.12. TCPDump

You can find the TCPDump Tool at Tools → TCPDump.

This tool is a packet analyzer that displays TCP/IP and other packets which are transmitted and received over the network.

The information is shown in real time in your browser.

You can specify the interface and the IP Protocol, v4 or v6. The count determines, after how many packets it stops. With packet length you can specify the number of bytes it will capture for each package. The default is 0 which will capture everything. A detail level can also be configured, which is set to normal by default. There is also the possibility to add additional filters by protocol, IP address, port or mac address. Those filters can be connected via logical operators like and, or and not.

You can also download the trace afterwards if you enable the Save to File option before you start tcpump.

The output could look like this:

tcpdump: listening on any, link-type LINUX_SLL (Linux cooked), capture size 262144 bytes
12:51:21.060482 IP (tos 0x0, ttl 64, id 3784, offset 0, flags [DF], proto TCP (6), length 162)
    vtair.localhost.hq.voleatech.com.8000 > IT1.hq.voleatech.com.57318: Flags [P.], cksum 0x92ec (incorrect -> 0xbd6a), seq 2584698705:2584698827, ack 1786006290, win 120, length 122
12:51:21.100800 IP (tos 0x0, ttl 127, id 26583, offset 0, flags [DF], proto TCP (6), length 40)
    IT1.hq.voleatech.com.57318 > vtair.localhost.hq.voleatech.com.8000: Flags [.], cksum 0x66f0 (correct), seq 1, ack 122, win 2052, length 0
12:51:21.365874 IP (tos 0x0, ttl 64, id 46612, offset 0, flags [DF], proto ICMP (1), length 28)
    vtair.localhost.hq.voleatech.com > 192.168.10.1: ICMP echo request, id 0, seq 17114, length 8
12:51:21.365959 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto ICMP (1), length 28)
    192.168.10.1 > vtair.localhost.hq.voleatech.com: ICMP echo reply, id 0, seq 17114, length 8
12:51:21.384065 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 192.168.10.143 tell pfSensedev.dev.hq.voleatech.com, length 46
12:51:21.396593 IP (tos 0x0, ttl 64, id 14672, offset 0, flags [DF], proto TCP (6), length 91)