I wanna ask about monitoring network in terminal. Like example, in my LAN, there's an IP 10.1.1.1; 10.1.1.2; 10.1.1.3. I want to know each IP for access what?
i tried ngrep but didnt find anything similar. is there's a better tool which access in terminal like ngrep.
or you can show me what command (for monitoring network) in ngrep?..
cain n able, snort etc doesnt count, cuz not running in terminal..
btw, i used fedora.
could you more be specific, which one?
bcause i've tried "tcpdump host 10.1.1.1" the result was not capture / address that IP access.
Ex: IP 10.1.1.1 access = google.com, digg.com, youtube.com
10.1.1.2 access = yahoo.com, facebook.com, linuxforums.org
10.1.1.3 access = linkedin.com, etc, etc
now, can i monitor all of that / each one IP from terminal?
where IP 10.1.1.1; 10.1.1.2; 10.1.1.3 want to go? or what link he/she open?
Have you tried GOOGLE for this? Also where are you running this command? On your PC or the gateway?
yes, i have tried google for this, but mostly heading me to wireshark, nmap or other non free tools.
im running both on my laptop fedora, & gateway. But ussualy on my laptop.
i tried in laptop with tcpdump -A, tcpdump -nn host x.x.x.1 thats nothing.
But now i tried tcpdump 'tcp port 80' in my laptop, n shows wheres my IP access, like yahoo, google. But not show all of them.
what is wrong with nmap? it's command-line based, free, easy, and feature-filled. hey, it's good enough for Trinity...
# scan entire network range and all open ports (b/t 1-1024, by default i think)
# just do a (quicker) ping scan
nmap -n 10.1.1.0/24
NOTE: the "-n" flag prevents DNS look-ups (making it a little quicker)
nmap -n -sP 10.1.1.0/24
read the nmap man page for more details and examples.
hi atreyu, thx for reply,
i already know about nmap, but i didnt know if nmap can do that.
ussualy i used nmap just for scanning OS, IP n open port. never heard / didnt know for detect target IP on port 80 n what links did he open...
On a properly configured switched network you are only going to see your traffic and no one else. If you are looking for someone else then you are going to have to be in the path of that traffic which is normally at the gateway or configure your switches to copy all the target traffic to your port.