Solved

This is in AIX 5.3..Need to know the syntax oc tcpdump

Posted on 2010-11-11
5
987 Views
Last Modified: 2012-05-10
This is in AIX 5.3  I need to know the syntax of tcpdump
Say there is server with hostname   xyz123...I need to know  all packets arriving at or departing from the server
0
Comment
Question by:aixtutorial
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 

Author Comment

by:aixtutorial
ID: 34116834
I need to knoe the syntaxf tcpdump
0
 
LVL 25

Expert Comment

by:madunix
ID: 34119060
man tcpdump will give you lots of documentation after you install it
http://www.networkstuff.eu/index.php/Tcpdump_Masterclass
tcpdump syntax for a specific host:
#tcpdump -i INTERFACE -n host MY_IP
tcpdump syntax for a specific port:
#tcpdump -i INTERFACE -n port PORT_NO
you might want to capture the traffic with tcpdump and look at it with Wireshark (formerly Ethereal).
#tcpdump -i INTERFACE -p -s 0 -w /path/x.trace.pcap port port_no
After finishing the trace load the  pcap file into wireshark for a detailed analysis.
http://www.linuxjournal.com/article/6446
http://www.linuxjournal.com/article/6447
http://www.linux-magazine.com/w3/issue/80/Wireshark.pdf
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds5/tcpdump.htm
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34119185
tcpdump host xyz123

Issued on host xyz123 the above will show all packets to and from xyz123

wmp
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 250 total points
ID: 34119262
Or use iptrace:

iptrace -e -d xyz123 -s xyz123  /tmp/xyz123.trace

"-e" puts the interface into promiscuous mode so the trace can be run from any host in the same subnet as xyz123.

To stop tracing locate the PID of iptrace with "ps -ef | grep iptrace" and kill it with TERM: "kill -15 PID" "-15" is important - any other signal will leave the iptrace kernel extension active!

To view the trace file use ipreport - "ipreport /tmp/xyz123.trace"

"man iptrace" and "man ipreport" have more info.

wmp

0
 
LVL 25

Expert Comment

by:madunix
ID: 34128951
please read ibm redbook AIX 5L Performance Tools Handbook and IBM eServer Certification Study Guide AIX 5L Performance and System Tuning for more info
http://www.redbooks.ibm.com/abstracts/SG246039.html?Open
http://www.redbooks.ibm.com/abstracts/SG246184.html?Open
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question