Solved

This is in AIX 5.3..Need to know the syntax oc tcpdump

Posted on 2010-11-11
5
934 Views
Last Modified: 2012-05-10
This is in AIX 5.3  I need to know the syntax of tcpdump
Say there is server with hostname   xyz123...I need to know  all packets arriving at or departing from the server
0
Comment
Question by:aixtutorial
  • 2
  • 2
5 Comments
 

Author Comment

by:aixtutorial
ID: 34116834
I need to knoe the syntaxf tcpdump
0
 
LVL 25

Expert Comment

by:madunix
ID: 34119060
man tcpdump will give you lots of documentation after you install it
http://www.networkstuff.eu/index.php/Tcpdump_Masterclass
tcpdump syntax for a specific host:
#tcpdump -i INTERFACE -n host MY_IP
tcpdump syntax for a specific port:
#tcpdump -i INTERFACE -n port PORT_NO
you might want to capture the traffic with tcpdump and look at it with Wireshark (formerly Ethereal).
#tcpdump -i INTERFACE -p -s 0 -w /path/x.trace.pcap port port_no
After finishing the trace load the  pcap file into wireshark for a detailed analysis.
http://www.linuxjournal.com/article/6446
http://www.linuxjournal.com/article/6447
http://www.linux-magazine.com/w3/issue/80/Wireshark.pdf
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds5/tcpdump.htm
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34119185
tcpdump host xyz123

Issued on host xyz123 the above will show all packets to and from xyz123

wmp
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 250 total points
ID: 34119262
Or use iptrace:

iptrace -e -d xyz123 -s xyz123  /tmp/xyz123.trace

"-e" puts the interface into promiscuous mode so the trace can be run from any host in the same subnet as xyz123.

To stop tracing locate the PID of iptrace with "ps -ef | grep iptrace" and kill it with TERM: "kill -15 PID" "-15" is important - any other signal will leave the iptrace kernel extension active!

To view the trace file use ipreport - "ipreport /tmp/xyz123.trace"

"man iptrace" and "man ipreport" have more info.

wmp

0
 
LVL 25

Expert Comment

by:madunix
ID: 34128951
please read ibm redbook AIX 5L Performance Tools Handbook and IBM eServer Certification Study Guide AIX 5L Performance and System Tuning for more info
http://www.redbooks.ibm.com/abstracts/SG246039.html?Open
http://www.redbooks.ibm.com/abstracts/SG246184.html?Open
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Install Dell OpenManage on Ubuntu PowerEdge R410 3 41
Best way to virtualise a remote Linux server 2 49
cannot connect to openvpn server 9 59
Linux hostname change 2 52
If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

914 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now