tcpdump + wireshark

Wireshark is great for troubleshooting network problems. However, on a remote *nix server that has no X installed, getting it to run is awkward. Luckily, you can use tcpdump to write the raw packets to a dump file (pcap format), which you can then download and open in Wireshark:

tcpdump -i eth0 -s0 -w dumpfile

Explained:

  • -i eth0 ==> capture only on the interface eth0
  • -s0 ==> no snapshot length limit: write every packet in full instead of truncating it (older tcpdump versions default to a short snaplen of 68 or 96 bytes, which cuts most payloads off)
  • -w dumpfile ==> write the raw packets to dumpfile in pcap format instead of printing them to the terminal

Capturing needs root (or the CAP_NET_RAW capability), and tcpdump keeps writing until you stop it with Ctrl-C, or until the count given with -c is reached, so capture only as long as needed to reproduce the problem. Download the dumpfile to your local computer and use Wireshark to view its contents.
Other useful tcpdump options: a capture filter expression (BPF syntax) at the end of the command line restricts what gets written:

tcpdump -i eth1 -s0 -w dumpfile host  and not port 22

Explained:

  • host ==> only dump packets from/to the specified IP address (or hostname)
  • and not port 22 ==> don't dump SSH packets. Useful when you're connected to the machine through SSH, because otherwise your own session (and later the download of the dump file) ends up in the capture; use the real port if sshd listens somewhere other than 22. The same filter expressions work when reading a file back with tcpdump -r dumpfile.
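Before pulling the file down, it is worth checking that -s0 actually took effect and that no packet was cut short, because a capture made with a small snaplen looks fine in Wireshark until you notice every payload ends early. The script below is an added example, not code from the original page. It uses only od and dd so it runs on a minimal server, and it assumes the classic pcap format that tcpdump -w writes (not pcapng). The two sample captures it creates are constructed in the script, not real traffic, and the 65535 threshold is an assumption based on -s0 producing a snaplen of 65535 on older tcpdump releases and 262144 on current ones.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check a tcpdump capture
# before shipping it to Wireshark. Classic pcap only; pcapng is not handled.
#   1. the file's snaplen (bytes 16-19 of the global header) must be large, and
#   2. no record may have incl_len < orig_len (a packet that was truncated).

# N bytes at OFFSET of FILE as space-separated decimal byte values.
bytes_at() { od -An -v -t u1 -j "$2" -N "$3" "$1" | tr -s ' \n' ' '; }

# Byte order of the file, derived from the pcap magic number.
pcap_order() {
  case "$(od -An -t x1 -N 4 "$1" | tr -d ' \n')" in
    d4c3b2a1|4d3cb2a1) echo le ;;   # microsecond / nanosecond, little-endian
    a1b2c3d4|a1b23c4d) echo be ;;   # microsecond / nanosecond, big-endian
    *) echo "not a pcap file: $1" >&2; return 1 ;;
  esac
}

# Unsigned 32-bit integer at OFFSET of FILE, honouring the file's byte order.
u32_at() {
  order=$(pcap_order "$1") || return 1
  set -- "$order" $(bytes_at "$1" "$2" 4)
  if [ "$1" = le ]; then echo $(( $2 | ($3 << 8) | ($4 << 16) | ($5 << 24) ))
  else                   echo $(( ($2 << 24) | ($3 << 16) | ($4 << 8) | $5 )); fi
}

# Snapshot length recorded in the global header.
pcap_snaplen() { u32_at "$1" 16; }

# Walk the records after the 24-byte header; each record header is
# ts_sec ts_usec incl_len orig_len. Prints "<truncated> <total>".
pcap_truncated() {
  f=$1; size=$(wc -c < "$f" | tr -d ' '); off=24; trunc=0; total=0
  while [ "$off" -lt "$size" ]; do
    incl=$(u32_at "$f" $((off + 8))) || return 1
    orig=$(u32_at "$f" $((off + 12))) || return 1
    total=$((total + 1))
    [ "$incl" -lt "$orig" ] && trunc=$((trunc + 1))
    off=$((off + 16 + incl))
  done
  echo "$trunc $total"
}

# Report on FILE; exit status 0 only when the capture is complete.
# 65535 is an assumed threshold: -s0 gives 65535 (old) or 262144 (current).
check_capture() {
  snap=$(pcap_snaplen "$1") || return 1
  set -- "$1" $(pcap_truncated "$1")
  echo "$1: snaplen=$snap packets=$3 truncated=$2"
  [ "$snap" -ge 65535 ] && [ "$2" -eq 0 ]
}

# Constructed sample captures (not real traffic) written into directory DIR:
# a 24-byte little-endian header, then ts_sec ts_usec incl_len orig_len payload.
write_sample_pcaps() {
  dir=$1
  # short.pcap: snaplen 68, one 98-byte frame of which only 68 bytes were kept.
  {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\104\000\000\000\001\000\000\000'
    printf '\000\000\000\000\000\000\000\000\104\000\000\000\142\000\000\000'
    dd if=/dev/zero bs=1 count=68 2>/dev/null
  } > "$dir/short.pcap"
  # full.pcap: snaplen 262144 (what -s0 gives today), two complete 60-byte frames.
  {
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\000\000\004\000\001\000\000\000'
    printf '\000\000\000\000\000\000\000\000\074\000\000\000\074\000\000\000'
    dd if=/dev/zero bs=1 count=60 2>/dev/null
    printf '\001\000\000\000\000\000\000\000\074\000\000\000\074\000\000\000'
    dd if=/dev/zero bs=1 count=60 2>/dev/null
  } > "$dir/full.pcap"
}

# Usage on a real file: check_capture dumpfile
```

Run `check_capture dumpfile` on the server after stopping tcpdump; a non-zero exit means either the snaplen was too small or at least one record was cut short, and the capture should be redone with -s0 before it is downloaded.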