The tcpdump utility is not as friendly as some other network diagnostic tools. Some of the output is
This is a good time to mention that tcpdump can capture and store packet flows for consumption at a later date. Frequently, you may find yourself without a top-notch packet analysis utility such as ethereal. Fortunately, you can create tcpdump data files and view them with a tool such as ethereal. Even if a stream analysis tool is not available, the documentation for ethereal is tremendously helpful in packet analysis.
5.1. Using tcpdump to view ARP messages
Example G.16. Viewing an ARP broadcast request and reply with tcpdump
[root@masq-gw]#
Example G.17. Viewing a gratuitous ARP packet with tcpdump
[root@masq-gw]#
Example G.18. Viewing unicast ARP packets with tcpdump
[root@masq-gw]#
5.2. Using tcpdump to see ICMP unreachable messages
Example G.19. tcpdump reporting port unreachable
[root@masq-gw]#
Example G.20. tcpdump reporting host unreachable
[root@masq-gw]#
Example G.21. tcpdump reporting net unreachable
[root@masq-gw]#
5.3. Using tcpdump to watch TCP sessions
Example G.22. Monitoring TCP window sizes with tcpdump
[root@masq-gw]#
Example G.23. Examining TCP flags with tcpdump
[root@masq-gw]#
Example G.24. Examining TCP acknowledgement numbers with tcpdump
[root@masq-gw]#
5.4. Reading and writing tcpdump data
Example G.25. Writing tcpdump data to a file
[root@masq-gw]#
Example G.26. Reading tcpdump data from a file
[root@masq-gw]#
Example G.27. Causing tcpdump to use a line buffer
[root@masq-gw]#
5.5. Understanding fragmentation as reported by tcpdump
Example G.28. Understanding fragmentation as reported by tcpdump
[root@masq-gw]#
5.6. Other options to the tcpdump command
Example G.29. Specifying interface with tcpdump
[root@masq-gw]#
Example G.30. Timestamp related options to tcpdump