Tip

TCPdump: Auditing network traffic

When analyzing actual network packets, TCPdump is a must-have tool. This tip explains how VARs and networking consultants can audit their customers' network traffic with this open source network application.

TCPdump: Qualify traffic and create a traffic collection statement


An alternative to using SACLs to qualify traffic is to use TCPdump. TCPdump is one of those staple tools that network and systems administrators alike reach for whenever they need to take a look at the actual network packets. It was written way back in the day and runs on Unix and Windows, and is consistently maintained by its author, Van Jacobson. It's not quite a packet sniffer, but it's close enough for government work.

Cleaned-up data is necessary to keep the information manageable, because administrators will only be interested in the IP protocol information. Because it provides additional traffic information beyond just port and host details, TCPdump is superior to SACLs for qualifying traffic.
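
One way to produce the cleaned-up view described above, as an added example that is not part of the original tip: it reduces text output of the kind `tcpdump -nn -q` prints to one row per protocol, client, server and service port. The sample lines are constructed, and the function names and the "lower port is the service" heuristic are assumptions.

```python
import re
from collections import Counter

# Constructed sample of `tcpdump -nn -q` text output (documentation addresses).
SAMPLE = """\
09:15:01.100001 IP 192.0.2.10.51514 > 198.51.100.5.80: tcp 0
09:15:01.100950 IP 198.51.100.5.80 > 192.0.2.10.51514: tcp 1448
09:15:02.200100 IP 192.0.2.11.40000 > 198.51.100.53.53: UDP, length 33
09:15:02.201000 IP 198.51.100.53.53 > 192.0.2.11.40000: UDP, length 49
09:15:03.000000 IP 192.0.2.10 > 198.51.100.5: ICMP echo request, id 7, seq 1, length 64
09:15:03.500000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
09:15:04.000000 IP 192.0.2.12.51999 > 198.51.100.5.80: tcp 0
"""

ADDR = r"\d+\.\d+\.\d+\.\d+"
LINE = re.compile(
    rf"IP (?P<src>{ADDR})(?:\.(?P<sport>\d+))? > "
    rf"(?P<dst>{ADDR})(?:\.(?P<dport>\d+))?: (?P<proto>\w+)"
)

def summarize(text):
    """Count packets per (proto, client, server, service_port) conversation."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:  # ARP and other non-IPv4 lines are dropped
            continue
        proto, src, dst = m["proto"].lower(), m["src"], m["dst"]
        if m["sport"] is None or m["dport"] is None:  # portless, e.g. ICMP
            flows[(proto, src, dst, 0)] += 1
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        # Assumption: the lower port is the service, so both directions of a
        # conversation collapse into one client -> server row.
        if sport < dport:
            flows[(proto, dst, src, sport)] += 1
        else:
            flows[(proto, src, dst, dport)] += 1
    return flows

def report(flows):
    """Render rows, busiest conversation first."""
    rows = sorted(flows.items(), key=lambda kv: (-kv[1], kv[0]))
    return [f"{n:>4} pkts  {proto:<4} {client} -> {server}"
            + (f" port {port}" if port else "")
            for (proto, client, server, port), n in rows]

if __name__ == "__main__":
    print("\n".join(report(summarize(SAMPLE))))
```
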

One of TCPdump's few weaknesses is that, to collect data, it must be run on a Unix or Windows server connected to the same hub as your customer's router.

About the author
Michael J. Martin has been working in the information technology field as a network and Unix system admin for over 10 years. What's his biggest strength as an expert? He says it's his "broad base of experience in working in the ISP/carrier and enterprise spaces as both a systems and a network engineer." His background in designing, implementing, and supporting MIS infrastructures for research and ISPs gives him a unique perspective on large-scale internetworking and security architecture. Michael shares his wealth of knowledge in his monthly Router Expert series and in frequent Live Expert Webcasts.


This was first published in January 2007
