Find the answer to your Linux question:
Results 1 to 8 of 8
hi all, I wanna ask about monitoring network in terminal. Like example, in my LAN, there's an IP 10.1.1.1; 10.1.1.2; 10.1.1.3. I want to know each IP for access what? ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Apr 2012
    Posts
    11

    Monitoring Network


    hi all,

    I wanna ask about monitoring network in terminal. Like example, in my LAN, there's an IP 10.1.1.1; 10.1.1.2; 10.1.1.3. I want to know each IP for access what?
    i tried ngrep but didnt find anything similar. is there's a better tool which access in terminal like ngrep.

    or you can show me what command (for monitoring network) in ngrep?..

    cain n able, snort etc doesnt count, cuz not running in terminal..

    btw, i used fedora.
    many thx

  2. #2
    Trusted Penguin Irithori's Avatar
    Join Date
    May 2009
    Location
    Munich
    Posts
    3,441
    Code:
    man tcpdump
    You must always face the curtain with a bow.

  3. #3
    Just Joined!
    Join Date
    Apr 2012
    Posts
    11
    could you more be specific, which one?
    bcause i've tried "tcpdump host 10.1.1.1" the result was not capture / address that IP access.

    Ex: IP 10.1.1.1 access = google.com, digg.com, youtube.com
    10.1.1.2 access = yahoo.com, facebook.com, linuxforums.org
    10.1.1.3 access = linkedin.com, etc, etc

    now, can i monitor all of that / each one IP from terminal?
    where IP 10.1.1.1; 10.1.1.2; 10.1.1.3 want to go? or what link he/she open?

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    Have you tried GOOGLE for this? Also where are you running this command? On your PC or the gateway?

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

  6. #5
    Just Joined!
    Join Date
    Apr 2012
    Posts
    11
    yes, i have tried google for this, but mostly heading me to wireshark, nmap or other non free tools.
    im running both on my laptop fedora, & gateway. But ussualy on my laptop.
    i tried in laptop with tcpdump -A, tcpdump -nn host x.x.x.1 thats nothing.

    But now i tried tcpdump 'tcp port 80' in my laptop, n shows wheres my IP access, like yahoo, google. But not show all of them.
    any clue?

  7. #6
    Trusted Penguin
    Join Date
    May 2011
    Posts
    4,353
    what is wrong with nmap? it's command-line based, free, easy, and feature-filled. hey, it's good enough for Trinity...

    # scan entire network range and all open ports (b/t 1-1024, by default i think)
    Code:
    nmap -n 10.1.1.0/24
    # just do a (quicker) ping scan
    Code:
    nmap -n -sP 10.1.1.0/24
    NOTE: the "-n" flag prevents DNS look-ups (making it a little quicker)

    read the nmap man page for more details and examples.

  8. #7
    Just Joined!
    Join Date
    Apr 2012
    Posts
    11
    hi atreyu, thx for reply,
    i already know about nmap, but i didnt know if nmap can do that.
    ussualy i used nmap just for scanning OS, IP n open port. never heard / didnt know for detect target IP on port 80 n what links did he open...

  9. #8
    Linux Guru Lazydog's Avatar
    Join Date
    Jun 2004
    Location
    The Keystone State
    Posts
    2,677
    On a properly configured switched network you are only going to see your traffic and no one else. If you are looking for someone else then you are going to have to be in the path of that traffic which is normally at the gateway or configure your switches to copy all the target traffic to your port.

    Regards
    Robert

    Linux
    The adventure of a life time.

    Linux User #296285
    Get Counted

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •