

Tcpdump is a tool that will tell you about network traffic on your machine.

I was scared of it for a long time and refused to learn how to use it. It took me 2 years, but I think now I love tcpdump. Now I am wiser and I am here to show you that tcpdump is awesome and there is no need to be scared of it. Let’s go!

tcpdump: the basics (or: how not to use it)

If I just run sudo tcpdump -i wlan0 (listen to wireless network traffic plz!), tcpdump says this:

23:48:26.679315 IP 206. > kiwi.lan.47121: Flags ,

I don’t know what hardly any of this means (though, I wrote a tiny TCP stack one time so I sorta know). The first time I ran tcpdump I took one look at some output like that, went WELP NOPE NOPE NOPE NOPE NOPE NOPE and gave up on tcpdump.

So, we’ve learned that we need to pass some… options… to tcpdump to actually make use of it without being a TCP wizard.

Let’s do it! Let’s say I want to record all TCP traffic to port 80 (so, HTTP). The secret here is that we can use tcpdump to record network traffic, and then use a tool that we’re less scared of (Wireshark) to analyze it on our laptop after.
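What "record it with tcpdump, look at it later in Wireshark" actually means on disk is a pcap file. The following is an added example, not code from the original post: it builds a few constructed frames, writes them in the same classic pcap layout that tcpdump -w produces, reads the file back and applies "TCP traffic to port 80" after the fact, the way the BPF filter tcp dst port 80 would at capture time. The interface name wlan0, the file name http.pcap and the packet contents are assumptions made up for the example.

```python
"""Added example (not from the original post): the classic pcap format that
`tcpdump -w` writes and Wireshark reads, built and parsed by hand so it runs
offline.  The capture it stands in for is (interface/file name assumed):
    sudo tcpdump -i wlan0 -w http.pcap 'tcp dst port 80'
'tcp dst port 80' is "TCP traffic to port 80"; 'tcp port 80' keeps replies too.
"""
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4    # read as little-endian: file written little-endian
PCAP_MAGIC_BE = 0xD4C3B2A1    # same bytes swapped: file written big-endian
LINKTYPE_ETHERNET = 1


def build_tcp_frame(src_ip, dst_ip, sport, dport, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame. Checksums are left at 0; the
    parser below never verifies them."""
    eth = bytes(12) + struct.pack("!H", 0x0800)                      # EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4,      # data offset = 5 words
                      0x18, 65535, 0, 0) + payload                   # flags PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src_ip.split(".")),
                     bytes(int(o) for o in dst_ip.split(".")))
    return eth + ip + tcp


def build_arp_frame():
    """Constructed non-IP frame (EtherType ARP) so the filter has something to reject."""
    return bytes(12) + struct.pack("!H", 0x0806) + bytes(28)


def write_pcap(frames, start_ts=1000):
    """Serialize like tcpdump -w: 24-byte global header, then per frame a
    16-byte record header (ts_sec, ts_usec, incl_len, orig_len) and the bytes."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (ts_sec, frame_bytes) from a classic pcap buffer in either byte order."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    linktype = struct.unpack_from(end + "IHHiIII", data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this parser only understands Ethernet captures")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(end + "IIII", data, off)
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def parse_tcp(frame):
    """Return (src_ip, dst_ip, sport, dport) for an Ethernet/IPv4/TCP frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None
    ihl = (frame[14] & 0x0F) * 4                        # IPv4 header length in bytes
    if frame[23] != 6 or len(frame) < 14 + ihl + 20:     # IP protocol 6 = TCP
        return None
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return src, dst, sport, dport


def filter_port(pcap_bytes, port, direction="dst"):
    """After-the-fact equivalent of 'tcp dst port N' ("dst"),
    'tcp src port N' ("src") or 'tcp port N' ("either")."""
    hits = []
    for ts, frame in read_pcap(pcap_bytes):
        parsed = parse_tcp(frame)
        if parsed is None:
            continue
        src, dst, sport, dport = parsed
        match = {"dst": dport == port, "src": sport == port,
                 "either": port in (sport, dport)}[direction]
        if match:
            hits.append((ts, src, dst, sport, dport))
    return hits


def demo():
    """Constructed capture: an HTTP request, its reply, an HTTPS packet, an ARP frame."""
    capture = write_pcap([
        build_tcp_frame("192.168.1.10", "93.184.216.34", 47121, 80, b"GET / HTTP/1.1\r\n"),
        build_tcp_frame("93.184.216.34", "192.168.1.10", 80, 47121, b"HTTP/1.1 200 OK\r\n"),
        build_tcp_frame("192.168.1.10", "1.1.1.1", 51000, 443),
        build_arp_frame(),
    ])
    return filter_port(capture, 80), filter_port(capture, 80, "either")


if __name__ == "__main__":
    to_80, _both = demo()
    for ts, src, dst, sport, dport in to_80:
        print(f"{ts} {src}.{sport} > {dst}.{dport}")
```

Two things worth noticing before you lean on a capture like this: the global header only stores the magic, snaplen and link type, so a parser has to pick the byte order from the magic rather than assume one, and a capture written with a short -s snaplen will have incl_len smaller than orig_len, meaning the TCP header may be cut off (parse_tcp returns None for such a truncated frame instead of misreading it). The same file opens directly in Wireshark, or with tcpdump -r http.pcap.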
