I have installed tcpdump on my RPI and placed the RPI between my router and server. I want to capture the IP addresses that are connecting and what files they are getting access to, and of course with a timestamp. But I can figure out what flags I have to use? Right now I am running tcpdump -I br0 and I really need it to be readable by a human :D asked 02 Jan '15, 16:31 notaduck
One Answer:
I assume by 'RPI' you mean a Raspberry Pi (apparently) in bridged mode. If that's the case, you can indeed use tcpdump to capture the traffic on the Pi. However, I suggest doing the analysis with Wireshark, as it has more and better dissectors than tcpdump AND this is the Wireshark Q&A site ;-)
After you have finished capturing, copy /var/tmp/br0_frames.pcap with scp or WinSCP to a system where you have Wireshark installed and open the file with Wireshark.
Whether you understand what Wireshark will show you depends on your knowledge of networking protocols. If you don't have that knowledge, there is nothing Wireshark can do for you; then you should look at the following resources. Books:
There are obviously other books about networking; Google will help: 'books networking'. Online resources: There are also some video tutorials about Wireshark on YouTube: http://www.youtube.com/results?search_query=wireshark tutorial (Hint: please open the link in a separate browser window/tab manually if clicking the link in your browser does not work). Regards answered 04 Jan '15, 02:55 Kurt Knochner ♦ edited 04 Jan '15, 02:57
Somewhat off topic: As a Raspberry Pi user you may be aware of the fact that the SD card may not be the ideal storage for your capture file. You could mount a USB disk (on /media for instance) and write your capture file there.
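The answer above says to capture on the Pi into a pcap file and read it elsewhere. As an added illustration (not part of this thread and not code from the answerer), the following Python script parses a pcap file with nothing but the standard library and prints the two things the question asks for in human-readable form: a UTC timestamp and the IPv4 addresses/ports of every packet, roughly what `tcpdump -tttt -n -r file.pcap` prints. It assumes the capture was written by tcpdump with `-w` on an Ethernet-type interface such as `br0` (LINKTYPE_ETHERNET), and handles both byte orders of the classic microsecond pcap format plus a truncated last record, which is common when a capture is stopped while tcpdump is still writing. The two-packet sample file embedded in the script is constructed for the example; the "which files are accessed" part of the question still needs an application-layer dissector, which is exactly where the answer points to Wireshark.

```python
import struct
from datetime import datetime, timezone

PCAP_MAGIC = 0xA1B2C3D4          # classic microsecond-resolution pcap
LINKTYPE_ETHERNET = 1
IP_PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def _ipv4_tcp_frame(src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP SYN frame for the sample file (checksums left zero)."""
    eth = bytes(6) + bytes(6) + b"\x08\x00"                   # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + tcp


def build_sample_pcap(endian="<"):
    """Constructed two-packet pcap: a client SYN to port 80 and the server's reply."""
    header = struct.pack(endian + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    packets = [
        (1420300000, 123456, _ipv4_tcp_frame("192.168.1.50", "192.168.1.10", 51234, 80)),
        (1420300001, 654321, _ipv4_tcp_frame("192.168.1.10", "192.168.1.50", 80, 51234)),
    ]
    body = b"".join(struct.pack(endian + "IIII", sec, usec, len(f), len(f)) + f
                    for sec, usec, f in packets)
    return header + body


def parse_pcap(data):
    """Return one dict per packet: UTC timestamp, IPv4 addresses, protocol and L4 ports."""
    if len(data) < 24:
        raise ValueError("truncated pcap header")
    magic_le = struct.unpack("<I", data[:4])[0]
    if magic_le == PCAP_MAGIC:
        endian = "<"
    elif magic_le == 0xD4C3B2A1:
        endian = ">"                               # written on a big-endian host
    else:
        raise ValueError("not a microsecond pcap file (magic %#x)" % magic_le)
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET is handled here")

    records = []
    offset = 24
    while offset + 16 <= len(data):
        sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        if len(frame) < incl_len:
            break                                  # truncated last record: capture stopped mid-write
        ts = datetime.fromtimestamp(sec, tz=timezone.utc).strftime("%Y-%m-%dT%H:%M:%S")
        rec = {"time": ts + ".%06dZ" % usec, "src": None, "dst": None,
               "proto": None, "sport": None, "dport": None}
        # Ethernet header is 14 bytes; EtherType 0x0800 and IP version nibble 4 mean IPv4.
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00" and frame[14] >> 4 == 4:
            ihl = (frame[14] & 0x0F) * 4
            proto = frame[23]
            rec["src"] = ".".join(str(b) for b in frame[26:30])
            rec["dst"] = ".".join(str(b) for b in frame[30:34])
            rec["proto"] = IP_PROTO_NAMES.get(proto, str(proto))
            l4 = frame[14 + ihl:]
            if proto in (6, 17) and len(l4) >= 4:  # TCP and UDP both start with src/dst port
                rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
        records.append(rec)
    return records


def summarize(data):
    """One readable line per packet, in the spirit of 'tcpdump -tttt -n -r file.pcap'."""
    lines = []
    for r in parse_pcap(data):
        if r["src"] is None:
            lines.append("%s non-IPv4 frame" % r["time"])
        else:
            lines.append("%s %s:%s -> %s:%s %s" % (r["time"], r["src"], r["sport"],
                                                   r["dst"], r["dport"], r["proto"]))
    return lines


if __name__ == "__main__":
    import sys
    # Pass a real capture file as the first argument; otherwise the constructed sample is used.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    print("\n".join(summarize(data)))
```

Run it as `python3 readpcap.py /var/tmp/br0_frames.pcap` after copying the file off the Pi; the first column is the packet time in UTC, so compare it against the Pi's clock (and time zone) when correlating with server logs.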