Sniffers, Packet Capture

From PFSenseDocs


tcpdump

tcpdump comes installed with pfSense. It can be run from the pfSense Diagnostics drop-down menu: select Command and run your dump.

Another way is to SSH into a shell and run tcpdump there. The example below captures all traffic except SSH, DNS, ARP and STP and appends the output to a file called Sniff_output in the current directory.

tcpdump -i fxp0 not port 22 and not port 53 and not arp and not stp >> Sniff_output

The -i option selects the fxp0 interface. In this example, traffic from the subnet attached to pfSense via fxp0 is being captured.
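As an added example that is not part of the original page: the same exclusions as the tcpdump filter above, re-applied in Python to the text that the redirected command accumulates in Sniff_output, followed by a per-destination packet count to spot top talkers. The sample lines are constructed, not a real capture.

```python
import re
from collections import Counter

# Constructed sample of tcpdump's default text output, i.e. what accumulates in
# Sniff_output when stdout is redirected as on this page (numeric addresses as
# printed with -nn). Made-up traffic, not a real capture.
SAMPLE_OUTPUT = """\
10:15:01.000001 IP 192.168.1.245.51022 > 93.184.216.34.80: Flags [S], seq 1, win 65535, length 0
10:15:01.000250 IP 93.184.216.34.80 > 192.168.1.245.51022: Flags [S.], seq 2, ack 2, win 65535, length 0
10:15:01.100000 IP 192.168.1.245.51023 > 192.168.1.1.22: Flags [P.], seq 1:2, ack 1, win 1024, length 1
10:15:01.200000 IP 192.168.1.245.61000 > 192.168.1.1.53: 1234+ A? example.com. (29)
10:15:01.300000 ARP, Request who-has 192.168.1.1 tell 192.168.1.245, length 28
10:15:01.400000 STP 802.1d, Config, Flags [none], bridge-id 8000.00:11:22:33:44:55.8001, length 35
10:15:02.000000 IP 192.168.1.245.51024 > 93.184.216.34.443: Flags [S], seq 1, win 65535, length 0
"""

# tcpdump's line for an IPv4 packet: "<time> IP <src>.<sport> > <dst>.<dport>: ..."
IP_LINE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > (?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def keep_line(line, excluded_ports=(22, 53), excluded_protos=("ARP", "STP")):
    """Re-apply the page's filter: drop ARP, STP and any packet with a port in excluded_ports."""
    fields = line.split()
    proto = fields[1].rstrip(",") if len(fields) > 1 else ""
    if proto in excluded_protos:
        return False
    m = IP_LINE.match(line)
    if m is None:
        return True  # other non-ARP/STP traffic (e.g. IP6) passes the filter as well
    # BPF 'port N' matches either endpoint, so both source and destination port count.
    return not ({int(m.group("sport")), int(m.group("dport"))} & set(excluded_ports))

def filter_capture(text, **kwargs):
    """Return the lines of a tcpdump text dump that survive the exclusion filter."""
    return [ln for ln in text.splitlines() if ln.strip() and keep_line(ln, **kwargs)]

def destination_counts(lines):
    """Packets per destination host among the kept IPv4 lines, to spot top talkers."""
    counts = Counter()
    for ln in lines:
        m = IP_LINE.match(ln)
        if m:
            counts[m.group("dst")] += 1
    return counts

if __name__ == "__main__":
    kept = filter_capture(SAMPLE_OUTPUT)
    for host, n in destination_counts(kept).most_common():
        print(f"{n:4d}  {host}")
```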


iftop

A second way to sniff URLs from a shell is with iftop. Installing iftop is described on the Add_Packages wiki page.

iftop lets you designate the interface from which to capture traffic. In this example fxp1 is the LAN interface.

iftop -i fxp1

Sample Output

cf-in-f18.google.com                     => 192.168.1.245                               0b      
                                         <=                                             0b      
cf-in-f97.google.com                     => 192.168.1.245                               0b      
                                         <=                                             0b      
cf-in-f103.google.com                    => 192.168.1.245                               0b      
                                         <=                                             0b      
google.navigation.opendns.com            => 192.168.1.245                               0b      
                                         <=                                             0b

PFtop

PFtop is a very cool tool built into pfSense. It is reached by connecting to pfSense via SSH; on the 'pfSense console setup' menu it is selection 9.
