tcpdump

All of the tools covered thus far in this chapter are most likely included in whichever Linux distribution you choose. tcpdump, although very popular, might not be included, but it should be the first thing installed after system installation. tcpdump is available at http://www.tcpdump.org/ and requires libpcap, also available at http://www.tcpdump.org, to operate. tcpdump is a small-footprint protocol analyzer that should be placed on any Linux host acting as a router or performing other centralized services, where troubleshooting should be infrequent but must be performed in a timely fashion when it is needed.

Sniffers on Routers

Some security professionals frown on the practice of placing sniffers on routers given that the sniffer will ...
