TCPDUMP – Fast and Easy

tcpdump is a fine way to find out what a system is doing with another system, but unless you limit the traffic with a capture filter you will see so much noise that it is difficult to tell what's happening.  This command did the trick for me when analyzing a problem with FTP:

tcpdump -e -vv -w FTP_from_73.cap src host 10.1.1.73 or dst host 10.1.1.73

The options go before the filter expression (GNU getopt lets you put them after it, but BSD tcpdump does not).  The original "net 10.1.1.73" form also works, since tcpdump treats a full dotted quad as a /32, but "host" says what you mean, and "host 10.1.1.73" on its own is the same filter.  Note that -w always saves the full frame with its link-layer header; -e only changes what tcpdump prints to the terminal.

Sometimes you may just want to look at DHCP traffic.  bootps and bootpc are the server (UDP 67) and client (UDP 68) ports, so this catches both directions:

tcpdump -lenx -i eth0 -s 1500 port bootps or port bootpc

I ran this on the FTP server to capture the bare minimum of frames.  We wanted to get both sides of the conversation, the source (src) and the destination (dst), so that we have all the communication between the two systems.  Because the filter is on the host rather than on port 21, it also picks up the FTP data connections, which use a different port from the control channel (20 in active mode, a negotiated high port in passive mode).  One thing that you may be missing in this scenario is when one or both of these systems call out to a third server, like a DNS server.  If you need that, widen the filter (for example, add "or port 53") or just drop it and tcpdump everything.

So how do you view this?  Well, it creates a .cap file that you can open and filter in Wireshark, which you can install with yum or apt-get.  You can also read it back on the server itself with tcpdump -r FTP_from_73.cap, adding -n to skip reverse DNS lookups and a further filter expression if you want to narrow it down.
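If you want to see what is actually in that .cap file, or filter it on a box without Wireshark, here is a small reader for the classic pcap format that tcpdump -w writes.  This is an added example, not code from the original post: it parses the pcap global header and each record header, then Ethernet/IPv4/TCP, and applies the equivalent of "host 10.1.1.73 and (port 20 or port 21)" in Python.  The capture it runs on is constructed in memory with zeroed checksums, not a real recording, and the addresses are the hypothetical ones from the post.

```python
"""Minimal reader for the classic pcap (.cap) files that tcpdump -w writes.

Added example, not code from the original post. It parses the pcap global
header and per-record headers, then Ethernet/IPv4/TCP, and applies the
`host X and (port 20 or port 21)` filter in Python. The capture below is
constructed in memory (zeroed checksums), not a real recording.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4       # microsecond-timestamp magic; its byte order tells endianness
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def read_pcap(data):
    """Yield (timestamp, frame) for every record in a classic pcap blob."""
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    # version major/minor, tz offset (signed), sig figs, snaplen, link type
    *_, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported link type %d" % linktype)
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record (capture interrupted mid-packet?)")
        off += incl_len
        yield ts_sec + ts_usec / 1e6, frame


def decode_tcp(frame):
    """Return (src_ip, sport, dst_ip, dport, flags, payload), or None if not IPv4/TCP."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    total_len = struct.unpack("!H", ip[2:4])[0]
    if ip[9] != IPPROTO_TCP or len(ip) < total_len or total_len - ihl < 20:
        return None
    src = ".".join(str(b) for b in ip[12:16])
    dst = ".".join(str(b) for b in ip[16:20])
    tcp = ip[ihl:total_len]          # drop any Ethernet padding after the IP datagram
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4        # TCP header length, in 32-bit words
    return src, sport, dst, dport, tcp[13], tcp[doff:]


def filter_host(data, host, ports=(20, 21)):
    """Python equivalent of `host HOST and (port 20 or port 21)` over a pcap blob."""
    hits = []
    for _ts, frame in read_pcap(data):
        pkt = decode_tcp(frame)
        if pkt is None:
            continue
        src, sport, dst, dport, _flags, payload = pkt
        if host in (src, dst) and (sport in ports or dport in ports):
            hits.append((src, sport, dst, dport, payload))
    return hits


# --- constructed sample capture (hypothetical addresses from the post) ---
def _frame(src, sport, dst, dport, payload=b"", flags=0x18):
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, flags, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00" + ip


def _pcap(frames):
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    return hdr + b"".join(struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))


SAMPLE_CAP = _pcap([
    _frame("10.1.1.5", 40001, "10.1.1.73", 21, b"USER anonymous\r\n"),
    _frame("10.1.1.73", 21, "10.1.1.5", 40001, b"331 Please specify the password.\r\n"),
    _frame("10.1.1.5", 40002, "10.1.1.9", 53, b"\x00\x00"),          # TCP DNS noise, other host
    _frame("10.1.1.73", 20, "10.1.1.5", 40003, b"file contents"),     # active-mode data channel
])

if __name__ == "__main__":
    for src, sport, dst, dport, payload in filter_host(SAMPLE_CAP, "10.1.1.73"):
        print("%s:%d -> %s:%d %r" % (src, sport, dst, dport, payload))
```

To run it against the real file, pass open("FTP_from_73.cap", "rb").read() to filter_host.  It handles the classic pcap format only; tcpdump writes that by default, but if you save from Wireshark you will get pcapng, which this reader rejects rather than misparsing.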

About Jay Farschman - Jay currently works as a Senior Systems Administrator for an asset management company in Colorado where he works with companies that produce hardware, telecommunications software and financial services.  Jay previously owned a consulting company and provided training and consulting services for three Fortune 500 companies and numerous small businesses where he leveraged Linux to provide exceptional value.

Nmap with three commands

Nmap (Network Mapper) is an essential tool for every SysAdmin.  You need to probe around the network to make sure people haven't left ports open in a haphazard manner.   These commands should get you there.

A ping sweep with reverse DNS shows you who is on the logical network with you (current nmap calls this -sn; -sP is still accepted as an alias, and the reverse lookups happen by default):

nmap -sP 10.1.1.0/24

-sS does a TCP SYN (half-open) scan of the most common ports on one host.  It needs root, because nmap crafts the raw packets itself:

nmap -sS 10.1.1.23

Or you can set off all the alarms on the network with the following scan of everything.  -O adds OS fingerprinting (also root only) on top of a port scan of every host in the /24, which is about as noisy as it gets:

nmap -O 10.1.1.0/24
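Running the scan is the easy part; the point of it is to notice ports that should not be open.  Here is an added example, not code from the original post, that reads nmap's greppable output and compares every host's open ports against an allowlist.  It assumes the scan was saved with -oG (for instance nmap -sS -oG scan.gnmap 10.1.1.0/24, an option the post does not mention), and the sample output and the allowlist are hand-constructed to match that format, not results from a real scan.

```python
"""Check nmap greppable output (-oG) against a per-host allowlist of open ports.

Added example, not code from the original post. It assumes the scan was saved
with `-oG`, e.g. `nmap -sS -oG scan.gnmap 10.1.1.0/24`; the sample below is
hand-constructed to match that format, not output from a real scan.
"""


def parse_gnmap(text):
    """Map ip -> list of (port, proto, state, service) from nmap -oG lines.

    Each 'Host:' line is tab-separated 'Key: value' fields; the Ports field
    lists entries as port/state/proto/owner/service/rpcinfo/version.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue                      # '# Nmap ...' banner and footer
        fields = dict(f.split(": ", 1) for f in line.split("\t"))
        ip = fields["Host"].split(" ", 1)[0]
        hosts.setdefault(ip, [])          # ping-sweep lines have Status but no Ports
        for entry in fields.get("Ports", "").split(", "):
            if not entry:
                continue
            port, state, proto, _owner, service = entry.split("/")[:5]
            hosts[ip].append((int(port), proto, state, service))
    return hosts


def unexpected_open_ports(hosts, allow):
    """Open ports that the allowlist (ip -> set of (port, proto)) does not permit.

    Only state 'open' is flagged: 'filtered' means something in the path drops
    the probe rather than an exposed service, and 'open|filtered' (UDP) is ambiguous.
    """
    findings = {}
    for ip, ports in hosts.items():
        permitted = allow.get(ip, set())
        extra = sorted((p, proto, svc) for p, proto, state, svc in ports
                       if state == "open" and (p, proto) not in permitted)
        if extra:
            findings[ip] = extra
    return findings


# constructed sample: what `nmap -sS -oG - 10.1.1.0/24` might print for two live hosts
SAMPLE_GNMAP = (
    "# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sS -oG - 10.1.1.0/24\n"
    "Host: 10.1.1.1 (gw.example.net)\tStatus: Up\n"
    "Host: 10.1.1.1 (gw.example.net)\tPorts: 22/open/tcp//ssh///\tIgnored State: closed (999)\n"
    "Host: 10.1.1.23 (files.example.net)\tStatus: Up\n"
    "Host: 10.1.1.23 (files.example.net)\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, "
    "3306/open/tcp//mysql///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (996)\n"
    "# Nmap done at Mon Jan  1 10:01:05 2024 -- 256 IP addresses (2 hosts up) scanned in 65.02 seconds\n"
)

# hypothetical allowlist: the gateway should expose only ssh, the file server ftp and ssh
ALLOW = {
    "10.1.1.1": {(22, "tcp")},
    "10.1.1.23": {(21, "tcp"), (22, "tcp")},
}

if __name__ == "__main__":
    for ip, extra in unexpected_open_ports(parse_gnmap(SAMPLE_GNMAP), ALLOW).items():
        for port, proto, service in extra:
            print("%s: unexpected %d/%s (%s)" % (ip, port, proto, service))
```

A host that is up but absent from the allowlist gets every open port flagged, which is usually what you want on a network where new machines should not appear unannounced.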
