I just needed to help our dev team in proving that certain IM messages weren’t being queued and then delivered once connection resumes. That calls for a TCPDUMP!  

This command will show you the entire payload of a packet. The final “s” increases the snaplength, grabbing the whole packet.

 
tcpdump -nnvvXSs 1514 -i <device> <filters>
 
eg tcpdump -nnvvXSs 1514 -i eth1 host awebsite.com.org.net (fyi the domain doesn’t exist 😉 )
 
I also had to email it to management, who will continue the good fight, which requires some sort of usable output:

tcpdump -lnnvvXSs 1514 -i eth1 host awebsite.com.org.net | tee tcpdump.txt

This showed me the output on screen and also copied the output to a txt doc – which I emailed to management.
 
(Please remember that you need to run these commands using sudo)
 
 
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s