Inspect Network Traffic from Simple Linux Cli App

Use tcpdump on the command line or Wireshark on the desktop.

For example, to capture web traffic.

tcpdump -s0 -i any -wfile.pcap port 80
To watch it directly remove the -wfile.pcap

To read a previously saved file

tcpdump -r file.pcap

However, for web traffic, if you are interested in watching the HTTP flow as it comes, I like to use tcpflow -C port 80

What's the easiest way to sniff TCP traffic data on Linux?

Update:

As pointed out by Michal in the comments:
From tcpflow version 1.3 the -e option is used for specifying the scanner name. So the error "Invalid scanner name '8983'" is printed. The correct command is

sudo tcpflow -i any -C -J port 1234

(also -J has been changed to -g in the latest release)


Thanks to yves for pointing me to "tcpflow". Here's the command line:

tcpflow -i any -C -e port 1234  # as root, or with sudo

This does everything I want

  • displays the data byte-for-byte as it comes in
  • doesn't display any other metadata
  • listens on all interfaces (so it captures data coming from within the machine and outside)

The "-C" tells it to dump to the console instead of a file.
The "-e" enables colors so client->server and server->client are visually distinct.

I installed tcpflow by simply doing

sudo apt-get install tcpflow

Network usage top/htop on Linux

jnettop is another candidate.

edit: it only shows the streams, not the owner processes.

How can I get the current network interface throughput statistics on Linux/UNIX?

You can parse the output of ifconfig
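
An added example of that approach (not part of the original answer): take two ifconfig snapshots a known interval apart and turn the byte counters into bytes per second. The function names and the sample output are constructed for illustration; the parser accepts both the older "RX bytes:N" and the newer "RX packets N  bytes N" layouts, since ifconfig's format differs between net-tools versions.

```python
import re

# Constructed ifconfig output (documentation addresses, not a real capture).
SNAPSHOT_T0 = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255
        RX packets 100  bytes 1000000 (1.0 MB)
        TX packets 80  bytes 250000 (250.0 KB)

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        RX packets 10  bytes 5000 (5.0 KB)
        TX packets 10  bytes 5000 (5.0 KB)
"""
# Second constructed snapshot, taken INTERVAL seconds later (only the raw
# byte counters are changed; the human-readable suffix is ignored anyway).
SNAPSHOT_T1 = SNAPSHOT_T0.replace("bytes 1000000", "bytes 1500000").replace(
    "bytes 250000", "bytes 300000")
INTERVAL = 5

# Newer net-tools print "RX packets N  bytes N"; older ones "RX bytes:N".
NEW_RE = re.compile(r"(RX|TX) packets \d+\s+bytes (\d+)")
OLD_RE = re.compile(r"(RX|TX) bytes:(\d+)")

def parse_ifconfig(text):
    """Return {interface: {"RX": bytes, "TX": bytes}} from ifconfig output."""
    counters, iface = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace():      # header line starts in column 0
            iface = re.split(r"[:\s]", line, maxsplit=1)[0]
            counters[iface] = {}
        elif iface is not None:
            for direction, value in OLD_RE.findall(line) + NEW_RE.findall(line):
                counters[iface][direction] = int(value)
    return counters

def throughput(before, after, seconds):
    """Bytes per second per interface; None where a counter went backwards."""
    rates = {}
    for iface in before.keys() & after.keys():
        rates[iface] = {}
        for direction, new in after[iface].items():
            delta = new - before[iface].get(direction, new)
            # A negative delta means the counter wrapped or was reset.
            rates[iface][direction] = delta / seconds if delta >= 0 else None
    return rates

if __name__ == "__main__":
    t0, t1 = parse_ifconfig(SNAPSHOT_T0), parse_ifconfig(SNAPSHOT_T1)
    for iface, rate in sorted(throughput(t0, t1, INTERVAL).items()):
        print(iface, rate)
```

On a live host, feed parse_ifconfig the text of two real ifconfig runs instead of the constructed snapshots.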

Monitor TCP Traffic on specific port

edit: I'm still getting upvotes for this years later. Please don't go for this answer, the answer using iptables here is far superior in my opinion.


tcpdump port 443 and 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'

or only tcp-syn, or only tcp-ack (my guess would be that one), depending on what you need.

can we sniff some program's network traffic?

You have to either capture packets where you receive a duplicate from the NIC (pcap), or route requests through your own application so you can inspect the live packet flow (proxy-like).

For a WinPcap implementation in C#, take a look at SharpPcap. For a proxy, see here.

how to monitor the network on node.js similar to chrome/firefox developer tools?

I know it's not pretty, but you could always output the content of the response headers on the console inside your request call:

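var https = require('https');

// "options" is the host/path/method object from your existing request code
var req = https.request(options, function(res) {
  // Log the status line and response headers as they arrive
  console.log("statusCode: ", res.statusCode);
  console.log("headers: ", res.headers);

  // Stream the response body to the console chunk by chunk
  res.on('data', function(d) {
    process.stdout.write(d);
  });
});
req.end(); // nothing is sent until the request is ended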

Your original question, however, was not about problems with the server side but rather a problem with the node code itself so this wouldn't be of much use here.
