This is a great tool, a powerful Linux sniffer that even lets you sniff layer-two (Ethernet) packets.

Some months ago, as part of my job, I needed to help implement VLANs in a Satellite Hub. For that job we needed to sniff the network and find out whether the VLAN tags were attached to the Ethernet packets, so we used two sniffers:

  1. My IBM T30 laptop running tcpdump
  2. A professional Fluke sniffer

Of course the Fluke could find both the tagged and the untagged packets, but so could the Linux machine, which costs a fraction of the Fluke sniffer.

All you need to do to use it is enter this command (as root):

tcpdump -i any -l

This listens on every interface of your PC (note that the any pseudo-interface cannot capture in promiscuous mode) and prints the output to the screen; -l makes the output line-buffered so you see packets as they arrive.

tcpdump -i eth0 -w file.cap

This instructs tcpdump to capture only on eth0 (-i eth0) and to write the output to file.cap (-w file.cap) for later analysis.

After capturing, you can open file.cap in Ethereal (now called Wireshark) to view and graph the results.
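As an added example (not part of the original post), the following Python script performs the check described above offline: it reads a classic pcap file like the one tcpdump -w file.cap writes and reports which Ethernet frames carry an IEEE 802.1Q VLAN tag, including the VLAN ID and priority. It goes slightly beyond the post by also handling stacked 802.1ad (QinQ) tags. The capture bytes are constructed inline, so it runs without root or a network interface; SAMPLE_PCAP, parse_frame and the MAC addresses used are the example's own assumptions, not anything from the post.

```python
"""Detect 802.1Q VLAN tags in Ethernet frames read from a classic pcap file.

Added example; the sample capture below is constructed inline rather than
captured from a real network.
"""
import struct

ETH_P_8021Q = 0x8100   # TPID of a standard 802.1Q tag
ETH_P_8021AD = 0x88A8  # TPID of an 802.1ad (QinQ) outer tag
TAG_TPIDS = {ETH_P_8021Q, ETH_P_8021AD}
DLT_EN10MB = 1         # pcap link type for Ethernet


def parse_frame(frame: bytes) -> dict:
    """Split an Ethernet frame into MACs, a list of VLAN tags (outermost
    first) and the EtherType of the payload that follows the last tag."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    dst, src = frame[:6], frame[6:12]
    offset = 12
    tags = []
    ethertype = struct.unpack_from("!H", frame, offset)[0]
    # Each tag is 4 bytes: 2-byte TPID followed by a 2-byte TCI
    # (3-bit priority, 1-bit drop-eligible, 12-bit VLAN id).
    while ethertype in TAG_TPIDS:
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci = struct.unpack_from("!H", frame, offset + 2)[0]
        tags.append({"tpid": ethertype, "pcp": tci >> 13,
                     "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF})
        offset += 4
        ethertype = struct.unpack_from("!H", frame, offset)[0]
    return {"dst": dst.hex(":"), "src": src.hex(":"), "tags": tags,
            "ethertype": ethertype, "payload": frame[offset + 2:]}


def iter_pcap_frames(data: bytes):
    """Yield the raw link-layer frames stored in a classic pcap file."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"          # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"          # written on a big-endian host
    else:
        raise ValueError("not a classic pcap file")
    # Global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, _, linktype = struct.unpack_from(endian + "HHiIII", data, 4)
    if linktype != DLT_EN10MB:
        raise ValueError(f"unsupported link type {linktype}")
    offset = 24
    while offset + 16 <= len(data):
        # Record header: ts_sec, ts_usec, captured length, original length
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        yield data[offset:offset + incl_len]
        offset += incl_len


def describe(frame: bytes) -> str:
    """One-line summary: tagged or not, VLAN id(s), priority, EtherType."""
    info = parse_frame(frame)
    if not info["tags"]:
        return f"untagged ethertype=0x{info['ethertype']:04x}"
    vids = "/".join(str(t["vid"]) for t in info["tags"])
    return (f"vlan {vids} (pcp {info['tags'][0]['pcp']}) "
            f"ethertype=0x{info['ethertype']:04x}")


def summarize_capture(data: bytes) -> list:
    """Describe every frame in a pcap file, in capture order."""
    return [describe(f) for f in iter_pcap_frames(data)]


# ---- constructed sample capture (hypothetical MACs, not real traffic) ----
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("001122334455")


def make_frame(ethertype: int, payload: bytes, tags=()) -> bytes:
    """Build an Ethernet frame with optional (tpid, pcp, vid) tags."""
    hdr = DST + SRC
    for tpid, pcp, vid in tags:
        hdr += struct.pack("!HH", tpid, (pcp << 13) | vid)
    return hdr + struct.pack("!H", ethertype) + payload


def build_pcap(frames) -> bytes:
    """Wrap frames in a little-endian classic pcap file, as tcpdump -w would."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    records = b"".join(struct.pack("<IIII", 0, i, len(f), len(f)) + f
                       for i, f in enumerate(frames))
    return header + records


SAMPLE_PCAP = build_pcap([
    make_frame(0x0806, b"\x00" * 28),                                    # untagged ARP
    make_frame(0x0800, b"\x45" + b"\x00" * 19, tags=[(ETH_P_8021Q, 5, 100)]),   # VLAN 100
    make_frame(0x0800, b"\x45" + b"\x00" * 19,
               tags=[(ETH_P_8021AD, 0, 200), (ETH_P_8021Q, 0, 300)]),    # QinQ 200/300
])

if __name__ == "__main__":
    for line in summarize_capture(SAMPLE_PCAP):
        print(line)
```

To see the same information live, tcpdump's -e option prints the link-level header (including the 802.1Q tag) and the vlan filter primitive matches only tagged frames, e.g. tcpdump -e -nn -i eth0 vlan. Whether the tag is present in a Linux capture also depends on the kernel and libpcap versions re-inserting it, so checking the written file as above is a useful cross-check.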