How to listen to network traffic in Linux. A fast guide for every novice, or expert who forgot the command. Easy sniffing.
An easy way to listen to network traffic flowing through a specific network interface is tcpdump. You can set it to listen to different kinds of traffic; you just have to set the filters properly.
Let’s say you’re “sniffing” your network by listening on port 80 (standard HTTP). You would use the following command:
$ sudo tcpdump -i eth0 -v 'tcp port 80'
-i specifies the interface to listen on. In this example it’s the default ethernet interface.
-v enables verbose output.
'tcp port 80' is a pcap-filter. Read more about them in the manpage.
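What the filter expression 'tcp port 80' from the command above selects, as an added example that is not part of the original post: a Python function applying the same test to raw Ethernet frames. It assumes IPv4 over Ethernet only (the real filter also covers IPv6), and the frames and the names `matches_tcp_port`, `build_frame` and `filter_samples` are constructed for illustration.

```python
import struct

ETH_IPV4 = 0x0800   # EtherType for IPv4
PROTO_TCP = 6       # IP protocol number for TCP
PROTO_UDP = 17      # IP protocol number for UDP

def matches_tcp_port(frame: bytes, port: int) -> bool:
    """True if the frame is IPv4/TCP and its source OR destination port equals `port`."""
    if len(frame) < 14 + 20:                      # Ethernet + minimal IPv4 header
        return False
    if struct.unpack("!H", frame[12:14])[0] != ETH_IPV4:
        return False
    version, ihl = frame[14] >> 4, (frame[14] & 0x0F) * 4
    if version != 4 or ihl < 20:
        return False
    if frame[14 + 9] != PROTO_TCP:                # protocol field of the IP header
        return False
    # Non-first fragments carry no TCP header, so there are no ports to compare.
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return False
    tcp = 14 + ihl                                # TCP header starts after IP options
    if len(frame) < tcp + 4:
        return False
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    return port in (sport, dport)

def build_frame(proto: int, sport: int, dport: int) -> bytes:
    """Constructed sample: Ethernet header, 20-byte IPv4 header, then the two port fields."""
    eth = bytes(6) + bytes(6) + struct.pack("!H", ETH_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return eth + ip + struct.pack("!HH", sport, dport)

# Constructed sample traffic (documentation addresses, made-up ports).
SAMPLES = [
    ("client -> server", build_frame(PROTO_TCP, 51000, 80)),
    ("server -> client", build_frame(PROTO_TCP, 80, 51000)),
    ("https request",    build_frame(PROTO_TCP, 51001, 443)),
    ("udp to port 80",   build_frame(PROTO_UDP, 53000, 80)),
]

def filter_samples(port: int = 80) -> list:
    """Labels of the sample frames that the filter would let through."""
    return [label for label, frame in SAMPLES if matches_tcp_port(frame, port)]

if __name__ == "__main__":
    print(filter_samples())
```

Both directions of the HTTP conversation match, because `port` without a `src` or `dst` qualifier compares against either side.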
You could use this method for a sort of man-in-the-middle attack, by providing a hotspot from your phone or something. Or you could just read what’s happening in the enterprise network. Both for security reasons, of course.