List all incoming connection in Linux via "TCPDUMP"

[hack3rcon]

Hello.
How can I use "TCPDUMP"  for monitor all incoming IP address and not all protocols?

I read below links :

1- http://www.rationallyparanoid.com/articles/tcpdump.html
2- http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
3- http://edoceo.com/cli/tcpdump

but they just used "TCPDUMP" on specific ports or IP addresses. I want to use "TCPDUMP" on all ports and IP for show me that "IP X.X.X.X on port X" want incoming and nothing else. Just show me incoming IP and port.

Any idea?

[proxx]

Hello.
How can I use "TCPDUMP"  for monitor all incoming IP address and not all protocols?

I read below links :

1- http://www.rationallyparanoid.com/articles/tcpdump.html
2- http://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
3- http://edoceo.com/cli/tcpdump

but they just used "TCPDUMP" on specific ports or IP addresses. I want to use "TCPDUMP" on all ports and IP for show me that "IP X.X.X.X on port X" want incoming and nothing else. Just show me incoming IP and port.

Any idea?

TCPDump is a packet dumper and is not really suitable for such things although you could pipe it through unique and some cuts.
I would suggest you look into iftop , but there are many similar applications around.
IPTraf is also one of my favorites.

[hack3rcon]

TCPDump is a packet dumper and is not really suitable for such things although you could pipe it through unique and some cuts.
I would suggest you look into iftop , but there are many similar applications around.
IPTraf is also one of my favorites.

Thank you but I guess these tools show all IPs like "Tcpdump" and just show who want connect to my PC. Am I wrong?
Which ports are used for attacks on a Desktop Linux more?

[rogue.hackz]

Thank you but I guess these tools show all IPs like "Tcpdump" and just show who want connect to my PC. Am I wrong?
Which ports are used for attacks on a Desktop Linux more?

I really don't understand what you're talking about, tcpdump is a general purpose network sniffer only meant for capturing traffic, not decoding protocols. If you're looking for a network protocol analyser there's wireshark.

Also why would you care about whose connecting to your pc? If you have no services like ssh running, they simply can't connect. And you can have iptables rule setup to drop all inbound packets.

Please don't spam this thread with stupid questions, try to do some research first before asking.

[hack3rcon]

I really don't understand what you're talking about, tcpdump is a general purpose network sniffer only meant for capturing traffic, not decoding protocols. If you're looking for a network protocol analyser there's wireshark.

Also why would you care about whose connecting to your pc? If you have no services like ssh running, they simply can't connect. And you can have iptables rule setup to drop all inbound packets.

Please don't spam this thread with stupid questions, try to do some research first before asking.

I'm sure you afraid of it like me.
Some people recommended "Snort" or "Suricata-IDS" for finding who connected to my PC but I need some simplest and lightest tools. I know "tcpdump" is a knife and can tell what IP connected but I must know the port number or IP of hacker but it is silly

[novaccainne]

You can sniff the network packets with tcpdump but if you only would like to find out which port a program is running then I think it would be better (and more easir for you ) using netstat.

For example :

$ netstat -vantupl | grep -i estab

Or you can track your connections with lsof:

$ lsof -i

Tcpdump is a sniffer application which capabale to analyze the traffics on your 'network' interfaces. You can find more information about it with google.