What's the easiest way to sniff TCP traffic data on Linux?
Problem
I want a simple way to show all the TCP data (not the TCP headers or anything else) going over any interface on my Linux box. For instance, I want a magical command that if I do: then if there was a server listening on port 1234 on my machine, and someone did: Then the magical command would just print out:

I've tried "tcpdump", "ethereal", "tethereal", "tshark", and others, but it isn't obvious how you get them to:

- not show IP addresses or other metadata
- only show the "data" being sent, not individual packets and their headers
- print the data as-is, not in hex, and not with packet-offset markers
- sniff all network traffic (whether it's on eth0 or eth1 or lo, etc...)

Yes, you could probably string together a piped set of unix commands to do this, but that isn't very easy to remember for next time :) If you have a simple example of an exact command-line that does this, that's what I'd like.
Error Output
magic_commmand_I_want port=1234
1 Fix
Fix for: What's the easiest way to sniff TCP traffic data on Linux?
Update: As pointed out by Michal in the comments: From tcpflow version 1.3 the -e option is used for specifying the scanner name. So the error "Invalid scanner name '8983'" is printed. The correct command is (also has been changed to in the latest release)

Thanks to yves for pointing me to "tcpflow". Here's the command-line:

This does everything I want:

- displays the data byte-for-byte as it comes in
- doesn't display any other metadata
- listens on all interfaces (so it captures data coming from within…
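A sketch of what "only the data, on any interface" involves, added here as an illustration and not taken from the answer above or from tcpflow: it strips the IPv4 and TCP headers from each packet and writes the payload bytes unchanged. It assumes Linux, root and IPv4, and it prints segments as they arrive without reassembling streams; the names `tcp_payload`, `sniff` and `SAMPLE` are hypothetical.

```python
import socket
import struct
import sys

ETH_P_ALL = 0x0003  # every protocol (linux/if_ether.h)
ETH_P_IP = 0x0800   # IPv4

# Constructed sample: IPv4 + TCP segment, port 40000 -> 1234, carrying b"hello\n".
SAMPLE = (struct.pack("!BBHHHBBH4s4s", 0x45, 0, 46, 0, 0, 64, 6, 0,
                      bytes([127, 0, 0, 1]), bytes([127, 0, 0, 1]))
          + struct.pack("!HHIIBBHHH", 40000, 1234, 1, 1, 0x50, 0x18, 8192, 0, 0)
          + b"hello\n")


def tcp_payload(packet, port):
    """Return the TCP payload of a raw IPv4 packet, or b"" if the packet is
    not TCP, not to or from `port`, truncated, or carries no data."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return b""
    ihl = (packet[0] & 0x0F) * 4                     # IPv4 header length in bytes
    total_len, = struct.unpack("!H", packet[2:4])
    frag, = struct.unpack("!H", packet[6:8])
    if packet[9] != socket.IPPROTO_TCP or ihl < 20 or frag & 0x1FFF:
        return b""                                   # not TCP, or a later fragment
    tcp = packet[ihl:min(total_len, len(packet))]    # drops link-layer padding
    if len(tcp) < 20:
        return b""
    sport, dport = struct.unpack("!HH", tcp[:4])
    data_offset = (tcp[12] >> 4) * 4                 # TCP header length incl. options
    if port not in (sport, dport) or data_offset < 20:
        return b""
    return tcp[data_offset:]


def sniff(port):
    """Write payload bytes as-is for `port` from every interface."""
    # An unbound AF_PACKET/SOCK_DGRAM socket sees all interfaces and
    # delivers packets with the link-layer header already removed.
    s = socket.socket(socket.AF_PACKET, socket.SOCK_DGRAM, socket.htons(ETH_P_ALL))
    while True:
        packet, addr = s.recvfrom(65535)
        if addr[1] == ETH_P_IP:                      # addr[1] is the EtherType
            sys.stdout.buffer.write(tcp_payload(packet, port))
            sys.stdout.buffer.flush()


if __name__ == "__main__":
    sniff(int(sys.argv[1]))
```

Run it as root with the port number as the only argument, for example with 1234 as in the question.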