You see that light blinking like crazy on the switch, and want to see what it is that your system is doing? If you are on a (u|li)n[i|u]x or BSD of some sort, pick up a copy of tcpdump. If you are on OS X it is already included.
While tcpdump can do a great many amazing and magical things, I am just going to focus on a quick one to get a look at what is coming across your wire. The first thing to be aware of is that you are going to need to have root access to the box in order to take advantage of these things.
sudo tcpdump -s0 -A -v
The sudo portion lets you run the command as a superuser. The -s0 portion tells tcpdump to capture packets of any size; by default tcpdump will not completely capture longer packets. The -A tells tcpdump to output the capture as ASCII text so you can read some of the content of the packet. The -v tells tcpdump to be verbose in its output. This gives you things like the time to live, identification, total length and options, as well as verifying the IP and ICMP header checksums. In order to stop your dump, use
This is a great place to start with tcpdump, but there are a few more common options you can take advantage of. By adding -w <filename> you can write output to a file. Then you can use tcpdump with whatever options you like to read the file with -r <filename>. For example,
sudo tcpdump -s0 -w mydump.dmp
would write the output to a file called “mydump.dmp”. You could then use
sudo tcpdump -s0 -A -v -r mydump.dmp
to view the contents of that file. You could also open that file in a packet analysis tool like Wireshark (formerly Ethereal). Writing to a file is good when you are capturing a lot of packets, because tcpdump can keep up with more traffic when it only writes raw packets to a file rather than decoding and printing each one.
Another thing you might want to do is limit the scope of what you are capturing. You can use host to specify the hostname or address you want to capture, or net to limit based on a network range.
sudo tcpdump -s0 -A -v host mycomputer.com
sudo tcpdump -s0 -A -v net 192.168.1.0/24
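The -w/-r file workflow and the host/net filters above, as an added example that is not part of the original post or of tcpdump itself: this Python script constructs a small libpcap file in memory (the format tcpdump -w writes), reads it back the way tcpdump -r would, flags records the snaplen truncated (the -s0 point), verifies the IPv4 header checksum (one of the checks -v adds), and applies the equivalent of the host and net primitives. All frames, addresses (192.168.1.10, 10.0.0.5, 172.16.0.9, 8.8.8.8) and timestamps are constructed sample data; tcpdump itself is not needed to run it.

```python
"""Read a `tcpdump -w` capture file by hand.

Added example, not code from the original post or from tcpdump. It
builds a tiny libpcap file in memory (the format `tcpdump -w` writes and
`tcpdump -r` reads), then parses it to show three things the post touches
on: whether each record was truncated by the snaplen (what -s0 avoids),
whether the IPv4 header checksum is valid (one of the checks -v enables),
and which records the `host` and `net` primitives would select. Every
packet, address and timestamp below is constructed sample data.
"""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum; returns 0 for a header that already carries a valid checksum."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_frame(src: str, dst: str, payload: bytes, bad_checksum: bool = False) -> bytes:
    """Ethernet + IPv4 (protocol 1, ICMP) frame with a correct or deliberately wrong header checksum."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0, 64, 1, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    csum = ip_checksum(ip) ^ (1 if bad_checksum else 0)
    return eth + ip[:10] + struct.pack("!H", csum) + ip[12:] + payload


def write_pcap(frames, snaplen: int) -> bytes:
    """Serialize frames as `tcpdump -w -s <snaplen>` would: each record is cut at snaplen bytes."""
    out = struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]
        out += struct.pack("=IIII", 1_700_000_000 + i, 0, len(kept), len(frame)) + kept
    return out


def read_pcap(data: bytes) -> list:
    """Parse a pcap file into per-record dicts (the part of `tcpdump -r -v` this example reproduces)."""
    magic, = struct.unpack_from("=I", data, 0)
    linktype, = struct.unpack_from("=I", data, 20)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("only native-order pcap with Ethernet frames is handled here")
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, caplen, origlen = struct.unpack_from("=IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        rec = {"ts": ts_sec, "caplen": caplen, "len": origlen, "truncated": caplen < origlen}
        if frame[12:14] == struct.pack("!H", ETHERTYPE_IPV4) and len(frame) >= 34:
            ihl = (frame[14] & 0x0F) * 4
            rec["src"] = str(ipaddress.IPv4Address(frame[26:30]))
            rec["dst"] = str(ipaddress.IPv4Address(frame[30:34]))
            # Summing the header with its stored checksum included yields 0 only if the checksum is right.
            rec["checksum_ok"] = len(frame) >= 14 + ihl and ip_checksum(frame[14:14 + ihl]) == 0
        records.append(rec)
    return records


def match_host(rec: dict, host: str) -> bool:
    """Equivalent of the `host` primitive: the address is either endpoint."""
    return rec.get("src") == host or rec.get("dst") == host


def match_net(rec: dict, cidr: str) -> bool:
    """Equivalent of the `net` primitive: either endpoint lies inside the range."""
    network = ipaddress.ip_network(cidr, strict=False)
    endpoints = [ipaddress.IPv4Address(rec[k]) for k in ("src", "dst") if k in rec]
    return any(addr in network for addr in endpoints)


def capture_and_read(snaplen: int = 0) -> list:
    """Build three sample frames, 'capture' them at the given snaplen (0 = whole packet, as -s0), read them back."""
    frames = [
        build_frame("192.168.1.10", "10.0.0.5", b"A" * 100),                   # 134 bytes, valid checksum
        build_frame("10.0.0.5", "192.168.1.10", b"B" * 40, bad_checksum=True),  # 74 bytes, bad checksum
        build_frame("172.16.0.9", "8.8.8.8", b"C" * 10),                       # 44 bytes, valid checksum
    ]
    return read_pcap(write_pcap(frames, snaplen or 262144))


if __name__ == "__main__":
    for rec in capture_and_read(snaplen=68):        # 68 bytes was tcpdump's default snaplen for years
        print(rec)
    hits = [r for r in capture_and_read() if match_net(r, "192.168.1.0/24")]
    print("net 192.168.1.0/24 matched", len(hits), "of 3 records")
```

Run as a script it prints the records as captured at a 68-byte snaplen, where the two longer frames show caplen smaller than len, which is exactly the truncation -s0 avoids, while the checksum flag on the second record shows the kind of integrity check -v performs. read_pcap will also parse the bytes of a real mydump.dmp, provided it is classic pcap with Ethernet framing.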
You can get very granular in selecting what traffic you capture. You can get more detail on what can be done from the man page for tcpdump, which also has some additional examples.
This should get you started on looking at your network traffic; you might just be surprised at what you find. tcpdump is a very versatile tool, and the more you play with it the more you will find.