This is a great tool, a powerful Linux sniffer that even lets you sniff layer-two packets.
Some months ago, as part of my job, I needed to help implement VLANs in a satellite hub. For that job we needed to sniff the network and find out whether the VLAN tags were attached to the Ethernet packets. We used two sniffers:
- My Laptop IBM T30 with tcpdump
- A professional Fluke sniffer
Of course the Fluke could find the tagged and the untagged packets, but so could the Linux machine, which costs a fraction of the Fluke sniffer!
All you need to do to use it is (as root) enter this command:
tcpdump -i any -l
This listens on any interface of your PC (the "any" pseudo-interface cannot work in promiscuous mode) and puts the output on the screen, line-buffered (-l).
tcpdump -i eth0 -w file.cap
This will instruct tcpdump to work only with eth0 (-i eth0) and to write the raw output to file.cap for later analysis.
After capturing the file you can use Ethereal to graph the results.
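The check the post describes, telling a tagged Ethernet frame from an untagged one, is what tcpdump's -e option prints for you (it shows the link-level header, including any 802.1Q tag and VLAN id). To show exactly what is being looked at, here is an added example that is not part of the original post or of tcpdump: a small Python parser that walks the Ethernet header of a frame, detects 802.1Q tags (and stacked 802.1ad "QinQ" tags) by their TPID, and pulls out the priority and VLAN id from the TCI field. The sample frames are constructed inline, not captured traffic; the helper names (build_frame, parse_frame, describe) are this example's own.

```python
import struct

ETHERTYPE_IPV4 = 0x0800
TPID_8021Q = 0x8100   # TPID of a single 802.1Q customer tag
TPID_8021AD = 0x88A8  # TPID of an 802.1ad service (outer) tag, as used by QinQ


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def build_frame(dst: str, src: str, payload: bytes, vlans=(), ethertype=ETHERTYPE_IPV4) -> bytes:
    """Build an Ethernet frame for testing. vlans is a sequence of (tpid, pcp, vid).

    Each VLAN tag occupies the EtherType slot (TPID) followed by a 16-bit TCI:
    3 bits PCP, 1 bit DEI, 12 bits VID. The real EtherType follows the last tag.
    """
    hdr = bytes.fromhex(dst.replace(":", "")) + bytes.fromhex(src.replace(":", ""))
    for tpid, pcp, vid in vlans:
        tci = (pcp << 13) | (vid & 0x0FFF)
        hdr += struct.pack("!HH", tpid, tci)
    return hdr + struct.pack("!H", ethertype) + payload


def parse_frame(frame: bytes) -> dict:
    """Parse the Ethernet header, collecting any stacked 802.1Q/802.1ad tags."""
    if len(frame) < 14:
        raise ValueError("frame shorter than a 14-byte Ethernet header")
    dst, src = frame[0:6], frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    offset = 14
    tags = []
    # While the EtherType slot holds a tag protocol id, the next 4 bytes are
    # TCI + the EtherType of what follows; an untagged frame never enters the loop.
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 4:
            raise ValueError("truncated VLAN tag")  # frame cut off mid-tag
        tpid = ethertype
        tci, ethertype = struct.unpack("!HH", frame[offset:offset + 4])
        tags.append({
            "tpid": tpid,
            "pcp": tci >> 13,          # 802.1p priority
            "dei": (tci >> 12) & 0x1,  # drop eligible indicator
            "vid": tci & 0x0FFF,       # VLAN id (0 = priority-tagged only)
        })
        offset += 4
    return {
        "dst": mac_str(dst),
        "src": mac_str(src),
        "tags": tags,
        "ethertype": ethertype,
        "payload": frame[offset:],
    }


def is_vlan_tagged(frame: bytes) -> bool:
    return len(parse_frame(frame)["tags"]) > 0


def describe(frame: bytes) -> str:
    """One-line summary in the spirit of tcpdump -e output."""
    p = parse_frame(frame)
    tag_text = "".join(
        f", {'802.1Q' if t['tpid'] == TPID_8021Q else '802.1ad'} vlan {t['vid']} p {t['pcp']}"
        for t in p["tags"]
    )
    return (f"{p['src']} > {p['dst']}{tag_text}, "
            f"ethertype 0x{p['ethertype']:04x}, length {len(frame)}")


# Constructed sample frames (a bare 20-byte IPv4-looking payload is enough here).
PAYLOAD = b"\x45" + b"\x00" * 19
UNTAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", PAYLOAD)
TAGGED = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", PAYLOAD,
                     vlans=[(TPID_8021Q, 3, 100)])
QINQ = build_frame("ff:ff:ff:ff:ff:ff", "00:11:22:33:44:55", PAYLOAD,
                   vlans=[(TPID_8021AD, 0, 200), (TPID_8021Q, 3, 100)])

if __name__ == "__main__":
    for name, frame in (("untagged", UNTAGGED), ("tagged", TAGGED), ("qinq", QINQ)):
        print(f"{name:9s} {describe(frame)}")
```

The same loop is why a capture tool must keep walking tags rather than checking byte 12 once: a QinQ frame carries two tags, and a filter that stops at the first one reports the service VLAN, not the customer VLAN the hub team was looking for.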