[GLLUG] tcpdump

[Chick Tower]

On 08/13/2016 10:04 PM, Charles Ulrich wrote:
> You might have to specify which interface to monitor. tcpdump and
> wireshark just might default to the loopback interface (lo) if no
> ethernet- or wifi-like interface was detected. On dialup I would assume
> your interface is ppp0, so something like this (as root);
>
> tcpdump -i ppp0 -w traffic.pcap
>
> I don't see why just capturing with wireshark wouldn't work. (Again, as
> root or as a member of a privileged group.) Should just be a matter of
> selecting the right interface and clicking the "start capture" icon.

Yeah, that did it, Charles.  Thanks.  Unfortunately, at first glance it 
appears most of the traffic is specified as involving the domain of the 
modem pool my ISP uses in the St. Louis, MO, area, so not the detail I 
was hoping for.  Further study is required.

I'm sure wireshark would work, but I don't have that installed.  I was 
looking at it and it said it's like tcpdump with a GUI, so that's why 
I'm trying the installed tcpdump.  Not everyone runs away crying at the 
sight of the command line.     :)
-- 

                                Chick