G.5. tcpdump

The tcpdump utility is not as friendly as some other network diagnostic tools. Some of the output is

This is a good time to mention that tcpdump can capture and store packet flows for consumption at a later date. Frequently, you may find yourself without a top-notch packet analysis utility such as ethereal. Fortunately, you can create tcpdump data files and view them with a tool such as ethereal. Even if a stream analysis tool is not available, the documentation for ethereal is tremendously helpful in packet analysis.
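When no analysis tool is at hand, a saved capture can still be read directly. The following is an added example, not part of the original guide: it parses the classic pcap file layout and prints a one-line summary for each ARP frame, modelled on tcpdump's ARP output. The function names, MAC addresses and the 192.0.2.x addresses are constructed for illustration, and the sample capture is built in memory rather than taken from a real network.

```python
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps

def read_pcap(data):
    """Return (linktype, [(ts_sec, ts_usec, orig_len, frame), ...])."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    for endian in ("<", ">"):  # the magic number reveals the writer's byte order
        if struct.unpack(endian + "I", data[:4])[0] == PCAP_MAGIC:
            break
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated packet record")
        packets.append((ts_sec, ts_usec, orig_len, data[off:off + incl_len]))
        off += incl_len
    if off != len(data):
        raise ValueError("trailing partial record header")
    return linktype, packets

def describe_arp(frame):
    """Summarise an Ethernet/IPv4 ARP frame, or return None if it is not one."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":  # EtherType 0x0806
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    if oper == 1:
        return "arp who-has %s tell %s" % (socket.inet_ntoa(tpa), socket.inet_ntoa(spa))
    if oper == 2:
        mac = ":".join("%02x" % b for b in sha)
        return "arp reply %s is-at %s" % (socket.inet_ntoa(spa), mac)
    return "arp op %d" % oper

def build_sample():
    """Constructed capture: one broadcast ARP request and its unicast reply."""
    a_mac, b_mac = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    a_ip, b_ip = socket.inet_aton("192.0.2.1"), socket.inet_aton("192.0.2.2")
    arp = lambda dst, op, sha, spa, tha, tpa: (
        dst + sha + b"\x08\x06" + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
        + sha + spa + tha + tpa)
    frames = [arp(b"\xff" * 6, 1, a_mac, a_ip, bytes(6), b_ip),
              arp(a_mac, 2, b_mac, b_ip, a_mac, a_ip)]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out
```

To use it on a real capture, pass the bytes of the file to `read_pcap` and call `describe_arp` on each returned frame; a link type of 1 means the frames are Ethernet.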

G.5.1. Using tcpdump to view ARP messages

Example G.16. Viewing an ARP broadcast request and reply with tcpdump

[root@masq-gw]# 


          

Example G.17. Viewing a gratuitous ARP packet with tcpdump

[root@masq-gw]# 


          

Example G.18. Viewing unicast ARP packets with tcpdump

[root@masq-gw]# 


          

G.5.2. Using tcpdump to see ICMP unreachable messages

Example G.19. tcpdump reporting port unreachable

[root@masq-gw]# 


          

Example G.20. tcpdump reporting host unreachable

[root@masq-gw]# 


          

Example G.21. tcpdump reporting net unreachable

[root@masq-gw]# 


          

G.5.3. Using tcpdump to watch TCP sessions

Example G.22. Monitoring TCP window sizes with tcpdump

[root@masq-gw]# 


          

Example G.23. Examining TCP flags with tcpdump

[root@masq-gw]# 


          

Example G.24. Examining TCP acknowledgement numbers with tcpdump

[root@masq-gw]# 


          

G.5.4. Reading and writing tcpdump data

Example G.25. Writing tcpdump data to a file

[root@masq-gw]# 


          

Example G.26. Reading tcpdump data from a file

[root@masq-gw]# 


          

Example G.27. Causing tcpdump to use a line buffer

[root@masq-gw]# 


          

G.5.5. Understanding fragmentation as reported by tcpdump

Example G.28. Understanding fragmentation as reported by tcpdump

[root@masq-gw]# 


          

G.5.6. Other options to the tcpdump command

Example G.29. Specifying interface with tcpdump

[root@masq-gw]# 


          

Example G.30. Timestamp related options to tcpdump

[root@masq-gw]#