Monitor traffic (command)

From VyOS Wiki
Revision as of 08:11, 4 May 2019 by Alfa80 (talk | contribs) (improve layout)

The "monitor traffic" command allows you to monitor the traffic going across an interface. It is a wrapper around tcpdump.

Main article: Monitor (command)

Syntax

monitor traffic interface <interface name|any>

You can also filter or save the output using the following options:

monitor interfaces <ethernet ethX> traffic
  filter        Monitor filtered traffic for the specified ethernet interface
  save          Save traffic dump from an interface to a file

The filter expression uses the same syntax as tcpdump and must be enclosed in quotation marks.

Example

To capture all traffic flowing across eth0:

vyos@router:~$ monitor traffic interface eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  0.000000  192.168.1.20 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.000086  174.33.65.84 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.537777 108.161.147.23 -> 174.33.65.84  UDP Source port: 7351  Destination port: 44488
  0.537864 108.161.147.23 -> 192.168.1.205 UDP Source port: 7351  Destination port: 44488
  0.538615   192.168.1.1 -> 192.168.1.20  TCP 10022 > 63629 [PSH, ACK] Seq=1 Ack=1 Win=260 Len=308
[...]

Applying a filter to the output:

vyos@router:~$ monitor traffic interface eth0 filter "host not 192.168.1.20"
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  0.000000 192.168.1.225 -> 216.113.27.12 ICMP Echo (ping) request
  0.000074  174.33.65.84 -> 216.113.27.12 ICMP Echo (ping) request
  0.000106 192.168.1.225 -> 8.8.8.8      ICMP Echo (ping) request
  0.000125  174.33.65.84 -> 8.8.8.8      ICMP Echo (ping) request
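
The following Python example is an addition to this page, not part of the VyOS wiki or of VyOS itself. It parses saved output in the one-line summary format shown above and reproduces the "host not 192.168.1.20" exclusion offline; the function names are hypothetical and the embedded sample is copied from the first capture above.

```python
import re
from collections import Counter

# Sample input: banner and packet lines copied from the unfiltered eth0 capture above.
SAMPLE = """\
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
  0.000000  192.168.1.20 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.000086  174.33.65.84 -> 162.254.193.6 UDP Source port: 60420  Destination port: 27021
  0.537777 108.161.147.23 -> 174.33.65.84  UDP Source port: 7351  Destination port: 44488
  0.537864 108.161.147.23 -> 192.168.1.205 UDP Source port: 7351  Destination port: 44488
  0.538615   192.168.1.1 -> 192.168.1.20  TCP 10022 > 63629 [PSH, ACK] Seq=1 Ack=1 Win=260 Len=308
[...]
"""

# <relative time> <source> -> <destination> <protocol> <free-form info>
LINE = re.compile(
    r"^\s*(?P<ts>\d+\.\d+)\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
    r"\s+(?P<proto>\S+)\s*(?P<info>.*)$"
)

def parse(text):
    """Yield one dict per packet line; banner and '[...]' lines do not match."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = float(rec["ts"])
            yield rec

def exclude_host(records, host):
    """Drop packets whose source or destination equals host.

    The comparison is on the whole address, so 192.168.1.205 is kept when
    192.168.1.20 is excluded; a plain substring search would drop both.
    """
    return [r for r in records if host not in (r["src"], r["dst"])]

def by_proto(records):
    """Packet count per protocol column."""
    return Counter(r["proto"] for r in records)

def flows(records):
    """Packet count per (source, destination, protocol) triple."""
    return Counter((r["src"], r["dst"], r["proto"]) for r in records)

if __name__ == "__main__":
    kept = exclude_host(list(parse(SAMPLE)), "192.168.1.20")
    for (src, dst, proto), n in flows(kept).most_common():
        print(f"{n:3d}  {proto:4s} {src} -> {dst}")
```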


See also

Command tree