Computer Journal
TCPDump Watch Traffic Analysis
by JavanteaApril 19-27, 2008
This program was written in a few days to solve the issue of watching network traffic in realtime. I split packets into groups of IP, TCP, UDP, and non-IP as well as in/out and update the screen every second. It shows packets per second, kilobits per second, and horizontal lines show how much data. The bars switch to yellow when the traffic increases over 1Mbps and to red when it increases over 5 Mbps.
I pipe the text output of tcpdump to my program which parses out interesting data and displays it. This allows my program to run as a user instead of root which tcpdump requires.
If the window is resized, it will exit with a minor error. If you're in 802.11 mode, it will not show any packets. If there are no packets, it will not update the screen.
Parse more types.
Parse 802.11 and other lower types.
View packets on wireless: sudo test; sudo tcpdump -i wlan1 -l -n 2>/dev/null |python tcpdump_watch1.py View packets on wired net: sudo test; sudo tcpdump -i eth0 -l -n 2>/dev/null |python tcpdump_watch1.py
If you are interested in developing TCPDump Watch, feel free to
e-mail me.
AltSci Concepts