Solved

This is in AIX 5.3..Need to know the syntax oc tcpdump

Posted on 2010-11-11
5
926 Views
Last Modified: 2012-05-10
This is in AIX 5.3  I need to know the syntax of tcpdump
Say there is server with hostname   xyz123...I need to know  all packets arriving at or departing from the server
0
Comment
Question by:aixtutorial
  • 2
  • 2
5 Comments
 

Author Comment

by:aixtutorial
ID: 34116834
I need to knoe the syntaxf tcpdump
0
 
LVL 25

Expert Comment

by:madunix
ID: 34119060
man tcpdump will give you lots of documentation after you install it
http://www.networkstuff.eu/index.php/Tcpdump_Masterclass
tcpdump syntax for a specific host:
#tcpdump -i INTERFACE -n host MY_IP
tcpdump syntax for a specific port:
#tcpdump -i INTERFACE -n port PORT_NO
you might want to capture the traffic with tcpdump and look at it with Wireshark (formerly Ethereal).
#tcpdump -i INTERFACE -p -s 0 -w /path/x.trace.pcap port port_no
After finishing the trace load the  pcap file into wireshark for a detailed analysis.
http://www.linuxjournal.com/article/6446
http://www.linuxjournal.com/article/6447
http://www.linux-magazine.com/w3/issue/80/Wireshark.pdf
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds5/tcpdump.htm
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34119185
tcpdump host xyz123

Issued on host xyz123 the above will show all packets to and from xyz123

wmp
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 250 total points
ID: 34119262
Or use iptrace:

iptrace -e -d xyz123 -s xyz123  /tmp/xyz123.trace

"-e" puts the interface into promiscuous mode so the trace can be run from any host in the same subnet as xyz123.

To stop tracing locate the PID of iptrace with "ps -ef | grep iptrace" and kill it with TERM: "kill -15 PID" "-15" is important - any other signal will leave the iptrace kernel extension active!

To view the trace file use ipreport - "ipreport /tmp/xyz123.trace"

"man iptrace" and "man ipreport" have more info.

wmp

0
 
LVL 25

Expert Comment

by:madunix
ID: 34128951
please read ibm redbook AIX 5L Performance Tools Handbook and IBM eServer Certification Study Guide AIX 5L Performance and System Tuning for more info
http://www.redbooks.ibm.com/abstracts/SG246039.html?Open
http://www.redbooks.ibm.com/abstracts/SG246184.html?Open
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
I have been running these systems for a few years now and I am just very happy with them.   I just wanted to share the manual that I have created for upgrades and other things.  Oooh yes! FreeBSD makes me happy (as a server), no maintenance and I al…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now