PC Quest: Monitoring Tools [for Linux - tcpdump]
Aug 19, 2000, 14:04
(Other stories by Sachin Makhija, Shekhar Govindarajan)
"tcpdump is a packet sniffer—a tool that can capture and see the contents of all packets flowing across the network. You can find tcpdump in the RedHat CD as an RPM."
"By default, the interface listened to is eth0—the first interface found after the loopback interface lo. The number of bytes captured by default—which is 68—suffices for most purposes. -e and -q are useful for peeking into the link header and to get less—but easy to read—information on each packet, respectively."
"You may not be looking for all the packets that flow through your network. So, you can capture packets flowing through selective hosts. For this use tcpdump's filtering expressions, in which you can use "and", "or" and "not" to build up the filter you want."
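The host filtering described in the excerpt above, as an added example that is not part of the quoted article: two helper functions compose a filter from "and", "or" and "not", and a wrapper passes it to tcpdump with the options the excerpt mentions. The function names and the addresses (from the 192.0.2.0/24 documentation range) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compose a tcpdump host filter with "and", "or" and "not".
# All host addresses used here are constructed sample values.

# join_hosts "h1 h2 ..."  ->  "host h1 or host h2 ..."
join_hosts() {
    out=""
    for h in $1; do
        if [ -z "$out" ]; then
            out="host $h"
        else
            out="$out or host $h"
        fi
    done
    printf '%s' "$out"
}

# build_filter INCLUDE_HOSTS EXCLUDE_HOSTS
# Either list may be empty; the result is empty when both are.
build_filter() {
    inc=$(join_hosts "$1")
    exc=$(join_hosts "$2")
    if [ -n "$inc" ] && [ -n "$exc" ]; then
        printf '(%s) and not (%s)' "$inc" "$exc"
    elif [ -n "$inc" ]; then
        printf '(%s)' "$inc"
    elif [ -n "$exc" ]; then
        printf 'not (%s)' "$exc"
    fi
}

# capture IFACE INCLUDE_HOSTS EXCLUDE_HOSTS   (needs root)
# -e prints the link-level header, -q prints terse per-packet lines,
# -n skips name lookups, -s 68 sets the snapshot length the article quotes.
# The filter is passed as a single quoted argument so the shell does not
# try to interpret the parentheses.
capture() {
    tcpdump -i "$1" -n -e -q -s 68 "$(build_filter "$2" "$3")"
}

# Example call (not executed when this file is sourced or run):
#   capture eth0 "192.0.2.10 192.0.2.11" "192.0.2.1"
# which runs tcpdump with the filter
#   (host 192.0.2.10 or host 192.0.2.11) and not (host 192.0.2.1)
```

The parentheses matter: without them "not" binds only to the first host that follows it, so the exclusion list would not be negated as a group.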