tcpdump

Rick Stevens ricks at nerd.com
Wed Jul 9 23:35:24 UTC 2008


tony.chamberlain at lemko.com wrote:
> I want to look at all the traffic coming to my web browser (192.168.5.191)
> (tomcat on port 80) using tcpdump.
> 
> If I say  tcpdump port 80
> 
> that will get 80 coming and going.  Also if I say
> tcpdump dst port 80
> I will still get any traffic I have to other web sites.
> 
> I thought  tcpdump (dst port 80) and (dst host 192.168.5.191)
> would work but that does not seem to get anything.  I went to
> 192.168.5.191/~chamberl  from another machine, got my web page
> but nothing in the tcp dump.

I'm assuming you're running tcpdump on machine A.  You want to see 
traffic between machine B and machine C.  If machines A and B are
plugged into a network _switch_, the switch routes traffic to/from B's
port only--it never appears at A's port so tcpdump can't see it.  That's
what switches do.

If you DO want to eavesdrop on other machines, you must use a network
_hub_, NOT a switch, or force your switch to go into hub mode or have
it put A's port on the same VLAN as B's port.  Big switches can do
that...the cheap ones can't.

> What is the correct way to do this (all incoming to my web browser)?
> Theoretically besides 192.168.5.191 I would also like 127.0.0.1
> 
> 


-- 
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                       rps2 at nerd.com -
- Hosting Consulting, Inc.                                           -
-                                                                    -
-        Change is inevitable, except from a vending machine.        -
----------------------------------------------------------------------
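
The hub-versus-switch behaviour described in the reply above, as an added illustration that is not part of the original post: a small Python model of which frames reach the capture host's port. The port numbers, MAC addresses, frame list and the `Hub`/`Switch` classes are constructed for this example.

```python
# Added illustration: which ports receive a frame on a hub vs. a learning switch.
# Port numbers, MAC labels and the Hub/Switch classes are constructed for this example.

class Hub:
    """Repeats every frame out of every port except the one it arrived on."""
    def __init__(self, ports):
        self.ports = set(ports)

    def forward(self, in_port, src_mac, dst_mac):
        return self.ports - {in_port}


class Switch(Hub):
    """Learns source MAC -> port and sends known unicast to that one port only."""
    BROADCAST = "ff:ff:ff:ff:ff:ff"

    def __init__(self, ports):
        super().__init__(ports)
        self.mac_table = {}

    def forward(self, in_port, src_mac, dst_mac):
        self.mac_table[src_mac] = in_port          # learn where the sender lives
        out = self.mac_table.get(dst_mac)
        if dst_mac == self.BROADCAST or out is None:
            return self.ports - {in_port}          # broadcast / unknown: flood
        return set() if out == in_port else {out}


def frames_seen_by(device, sniffer_port, frames):
    """Return the frames a capture on sniffer_port (tcpdump on A) would record."""
    seen = []
    for frame in frames:
        if sniffer_port in device.forward(*frame):
            seen.append(frame)
    return seen


# Constructed topology: A (sniffer) on port 1, B (web server) on port 2, C (client) on port 3.
MAC_B, MAC_C = "02:00:00:00:00:0b", "02:00:00:00:00:0c"
FRAMES = [
    (3, MAC_C, Switch.BROADCAST),  # C: ARP who-has B
    (2, MAC_B, MAC_C),             # B: ARP reply
    (3, MAC_C, MAC_B),             # C -> B: HTTP request to port 80
    (2, MAC_B, MAC_C),             # B -> C: HTTP response
]

if __name__ == "__main__":
    for dev in (Hub({1, 2, 3}), Switch({1, 2, 3})):
        seen = frames_seen_by(dev, 1, FRAMES)
        print(f"{type(dev).__name__}: A sees {len(seen)} of {len(FRAMES)} frames")
```

On the modelled switch, A's capture records only the initial broadcast, which is why a filter such as `dst port 80` can match nothing there even though the page loads on the client.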




More information about the fedora-list mailing list