KB42120: How to capture network traffic in Linux using tcpdump


Community Admin • Strategy


tcpdump is a very useful tool that helps gather information that sometimes cannot be found in the logs generated through the MicroStrategy Diagnostics Configuration application. This tool captures network traffic, which can be saved to a file.

 
In Linux, tcpdump is launched by executing the command "tcpdump" in a console (it normally must be run as root in order to have access to the traffic on the network interfaces). Shown below is a list of useful parameters for capturing the required information.

  • -i  -->  Listen on the given interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback); ties are broken by choosing the earliest match. It is recommended to use 'any' to capture the traffic from all interfaces.
  • -s  -->  Snarf snaplen bytes of data from each packet rather than the default of 65535 bytes. Limit snaplen to the smallest number that will capture the protocol information you are interested in. Setting snaplen to 0 sets it to the default of 65535, for backwards compatibility with older versions of tcpdump.
  • -n  -->  Don't convert host addresses to names. This avoids DNS lookups.
  • -w  -->  Write the raw packets to a file rather than parsing and printing them out.
  • port  -->  A filter you can apply to capture traffic to/from a specific TCP/UDP port (e.g. 'port 3862' for traffic to/from an LDAP server).
  • host  -->  A filter you can apply to capture traffic to/from a specific host (e.g. 'host 192.168.0.10' or 'host mstr.localdomain.net').
  • You can use the logical operators 'and' and 'or' to combine several ports or hosts.
  • To stop the capture, simply press <CTRL+C>.

 
Examples:
 
tcpdump -i any -s0 -n -w <filename.cap> port <port number> and host <host name or host ip>
tcpdump -i any -s0 -n -w <filename.cap> port <port number> or host <host name or host ip>
tcpdump -i any -s0 -n -w <filename.cap> port <port number>
tcpdump -i any -s0 -n -w <filename.cap> host <host name or host ip>
tcpdump -i any -s0 -w <filename.cap>
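The following POSIX shell wrapper is an added example and is not code from this KB article or from Strategy. It wraps the same invocation the examples above use (-i any -s0 -n -w FILE with an optional port and/or host filter) and adds what a practitioner usually wants around it: the port and host are validated before they are spliced into the filter expression, the capture file is created readable only by the capturing user (a capture of LDAP or another plaintext protocol can contain credentials), and -C/-W rotation keeps a long-running capture from filling the disk. The function names, the /var/tmp path and the 100 MB / 5 file rotation values are this example's own choices.

```shell
#!/bin/sh
# Added example (not from the KB article): wrapper around the article's
# tcpdump command. Requires tcpdump and root to actually capture; the
# build_filter function itself runs anywhere.

# build_filter PORT HOST
# Prints the BPF filter expression for the given port and/or host (either may
# be empty). Returns 1 if the port is not a number in 0..65535 or the host is
# not a plain address/hostname token.
build_filter() {
    port=$1
    host=$2
    filter=""
    if [ -n "$port" ]; then
        case $port in
            *[!0-9]*) echo "build_filter: port must be numeric: $port" >&2; return 1 ;;
        esac
        if [ "$port" -gt 65535 ]; then
            echo "build_filter: port out of range: $port" >&2
            return 1
        fi
        filter="port $port"
    fi
    if [ -n "$host" ]; then
        # Only address/hostname characters (':' keeps IPv6 usable). A space or
        # quote here would let extra filter terms into the tcpdump expression.
        case $host in
            *[!A-Za-z0-9.:_-]*) echo "build_filter: invalid host: $host" >&2; return 1 ;;
        esac
        if [ -n "$filter" ]; then
            filter="$filter and host $host"
        else
            filter="host $host"
        fi
    fi
    printf '%s\n' "$filter"
}

# capture OUTFILE PORT HOST
# Runs tcpdump as the article shows, plus: umask 077 so the .cap file is
# owner-only, and -C 100 -W 5 (rotate at 100 MB, keep at most five files).
capture() {
    outfile=$1
    filter=$(build_filter "$2" "$3") || return 1
    umask 077
    # $filter is intentionally unquoted: tcpdump takes the expression as words.
    # shellcheck disable=SC2086
    tcpdump -i any -s0 -n -C 100 -W 5 -w "$outfile" $filter
}

# read_capture FILE [FILTER...]
# Replays a saved capture without name resolution; the same filter syntax applies.
read_capture() {
    file=$1
    shift
    tcpdump -n -r "$file" "$@"
}

# Usage (as root, with tcpdump installed):
#   sh capture.sh run /var/tmp/ldap.cap 389 192.168.0.10
#   sh capture.sh read /var/tmp/ldap.cap port 389
case ${1:-} in
    run)  capture "$2" "$3" "$4" ;;
    read) shift; read_capture "$@" ;;
esac
```

Two points on the design: the filter is assembled from validated parts rather than pasted from user input, because tcpdump accepts the expression as free text; and rotation via -C means the later files are created after tcpdump may already have dropped privileges (on distributions that build it with a dedicated user), so the output directory must be writable by that user or the run will stop at the first rotation.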
 
 
REFERENCE:
http://www.tcpdump.org/tcpdump_man.html
 
WARNING:
The third-party product(s) discussed in this technical note are manufactured by vendors independent of Strategy. Strategy makes no warranty, express, implied or otherwise, regarding this product, including its performance or reliability.


Details
Knowledge Article
Published: April 8, 2017
Last Updated: April 8, 2017