
21. Install TCPDUMP

TCPDUMP is loaded by default in most modern Linux distributions. If it isn't installed, you can get it from the URL in Section 5.

TCPDUMP--

- Download the "libpcap" source and run the following commands:

        "md5sum libpcap-x.y.z.tar.gz" (exchange the x.y.z for your version)

        Verify that this md5 hash is the same as the one posted from the
        libpcap URL in Section 5.

        run "./configure"
        "make"
        "make install"
        "make install-man"
        "make install-incl"
        "cp libpcap/bpf/net/* /usr/include/net"

- Download "tcpdump" and run the following commands:

        "md5sum tcpdump-x.y.z.tar.gz" (exchange the x.y.z for your version)

        Verify that this md5 hash is the same as the one posted from the
        tcpdump URL in Section 5.

        "./configure"
        "make"
        "make install"
        "make install-man"

- Now run "tcpdump" and watch it fly. Look at TCPDUMP's man page, as you can send captures to a file and filter the traffic to only the stuff you care about based on source IP, destination IP, ports, UDP, TCP, etc.
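
The md5 comparison from the libpcap and tcpdump steps above, written as a shell function so that a mismatch stops the build instead of relying on reading two hashes by eye. This is an added example, not part of the original HOWTO; the function name verify_md5 and its return codes are assumptions made here.

```shell
#!/bin/sh
# Added example: check a downloaded tarball against the md5 hash published
# on the download page before running ./configure and make.
#
# verify_md5 FILE EXPECTED_HASH   (hypothetical helper name)
#   returns 0  hash matches
#   returns 1  hash does not match (do not build)
#   returns 2  bad input (missing file, or value is not an md5 hash)
verify_md5() {
    vm_file=$1
    # Normalise the published value: lower-case it, strip stray whitespace
    # that tends to come along when copying from a web page.
    vm_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f' | tr -d ' \t\r\n')

    if [ ! -f "$vm_file" ]; then
        echo "verify_md5: $vm_file: no such file" >&2
        return 2
    fi

    # An md5 hash is exactly 32 hex digits; anything else is a paste error.
    case $vm_expected in
        ''|*[!0-9a-f]*)
            echo "verify_md5: expected value is not a hex md5 hash" >&2
            return 2 ;;
    esac
    if [ "${#vm_expected}" -ne 32 ]; then
        echo "verify_md5: expected value is not 32 hex digits" >&2
        return 2
    fi

    # Reading from stdin makes md5sum print "<hash>  -", so an odd file name
    # cannot change the output format; keep only the first field.
    vm_actual=$(md5sum < "$vm_file" | cut -d' ' -f1)

    if [ "$vm_actual" = "$vm_expected" ]; then
        return 0
    fi
    echo "verify_md5: MISMATCH for $vm_file" >&2
    echo "  expected: $vm_expected" >&2
    echo "  actual:   $vm_actual" >&2
    return 1
}

# Usage, with the hash copied from the URL in Section 5:
#   verify_md5 tcpdump-x.y.z.tar.gz "<posted md5 hash>" && echo "OK to build"
```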

