Solved

This is in AIX 5.3..Need to know the syntax oc tcpdump

Posted on 2010-11-11
5
961 Views
Last Modified: 2012-05-10
This is in AIX 5.3  I need to know the syntax of tcpdump
Say there is server with hostname   xyz123...I need to know  all packets arriving at or departing from the server
0
Comment
Question by:aixtutorial
  • 2
  • 2
5 Comments
 

Author Comment

by:aixtutorial
ID: 34116834
I need to knoe the syntaxf tcpdump
0
 
LVL 25

Expert Comment

by:madunix
ID: 34119060
man tcpdump will give you lots of documentation after you install it
http://www.networkstuff.eu/index.php/Tcpdump_Masterclass
tcpdump syntax for a specific host:
#tcpdump -i INTERFACE -n host MY_IP
tcpdump syntax for a specific port:
#tcpdump -i INTERFACE -n port PORT_NO
you might want to capture the traffic with tcpdump and look at it with Wireshark (formerly Ethereal).
#tcpdump -i INTERFACE -p -s 0 -w /path/x.trace.pcap port port_no
After finishing the trace load the  pcap file into wireshark for a detailed analysis.
http://www.linuxjournal.com/article/6446
http://www.linuxjournal.com/article/6447
http://www.linux-magazine.com/w3/issue/80/Wireshark.pdf
http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.cmds/doc/aixcmds5/tcpdump.htm
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 34119185
tcpdump host xyz123

Issued on host xyz123 the above will show all packets to and from xyz123

wmp
0
 
LVL 68

Accepted Solution

by:
woolmilkporc earned 250 total points
ID: 34119262
Or use iptrace:

iptrace -e -d xyz123 -s xyz123  /tmp/xyz123.trace

"-e" puts the interface into promiscuous mode so the trace can be run from any host in the same subnet as xyz123.

To stop tracing locate the PID of iptrace with "ps -ef | grep iptrace" and kill it with TERM: "kill -15 PID" "-15" is important - any other signal will leave the iptrace kernel extension active!

To view the trace file use ipreport - "ipreport /tmp/xyz123.trace"

"man iptrace" and "man ipreport" have more info.

wmp

0
 
LVL 25

Expert Comment

by:madunix
ID: 34128951
please read ibm redbook AIX 5L Performance Tools Handbook and IBM eServer Certification Study Guide AIX 5L Performance and System Tuning for more info
http://www.redbooks.ibm.com/abstracts/SG246039.html?Open
http://www.redbooks.ibm.com/abstracts/SG246184.html?Open
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
wifi not working on Raspberry Pi 3? 2 81
Run same command on multiple files in Linux 3 57
Linux Desktop suggestion for Dell Inspiron 3043 13 53
Recover Lacie Edmini data. 11 54
Using 'screen' for session sharing, The Simple Edition Step 1: user starts session with command: screen Step 2: other user (logged in with same user account) connects with command: screen -x Done. Both users are connected to the same CLI sessio…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question