Home » Questions » Computers [ Ask a new question ]

What's the easiest way to sniff TCP traffic data on Linux?

What's the easiest way to sniff TCP traffic data on Linux?

I want a simple way to show all the TCP data (not the TCP headers or anything else) going over any interface on my Linux box.

Asked by: Guest | Views: 123
Total answers/comments: 4
Guest [Entry]


As pointed by Michal in the comments:
From tcpflow version 1.3 the -e option is used for specifying the scanner name. So the error ""Invalid scanner name '8983'"" is printed. The correct command is

sudo tcpflow -i any -C -J port 1234

(also -J has been changed to -g in the latest release)

Thanks to yves for pointing me to ""tcpflow"". Here's the commmand-line:

tcpflow -i any -C -e port 1234 # as root, or with sudo

This does everything I want

displays the data byte-for-byte as it comes in
doesn't display any other metadata
listens on all interfaces (so it captures data coming from within the machine and outside)

The ""-C"" tells it to dump to the console instead of a file.
The ""-e"" enables colors so client->server and server->client are visually distinct.

I installed tcpflow by simply doing

sudo apt-get install tcpflow"
Guest [Entry]

Try Wireshark. It's an excellent protocol analyser targeted for both Linux and Windows.
Guest [Entry]

Take a look at Chaosreader. Though it does a bit more than you ask for and slightly differently, probably you could modify the code of it to do what you want.
Guest [Entry]

Maybe you can write a wrapper for tcpdump, for example, which will remove all redundant information