Search Results for tcpdump
Cool TCP/IP and tcpdump pocket reference
Now this is totally cool: the wonderful folks at the SANS Institute have a 2-page PDF download available:
TCP/IP and tcpdump Pocket Reference Guide. In one handy package
you have all the info you need for basic TCP/IP and tcpdump knowledge, and then some. If you know you need this, you
definitely need it, so get it, print it, and use it.
(Check out all of my posts on
networking.) ...
Reasons to use Ethereal as a packet sniffer
When it comes to sniffing packets, the tool I usually use is Ethereal, a fantastically powerful piece of software.
Tony Howlett's book Open Source Security Tools: A Practical Guide to Security Applications covers Ethereal and
many more. You can read a sample chapter, titled "Network Sniffers: Is Open Source Right for
You?", online. In it, Howlett gives a great list explaining Ethereal's benefits over using straight tcpdump on
the command line. Here's a brief outline of his list. After reading this, go check out the sample chapter & the
book!
Easy-to-use GUI
More analytical & statistical options than command line
Cleaner output format
Supports over 300 network protocols
Supports many physical network formats
Interactively browse & sort captured data
Save output in a variety of formats
Display packets with color-coding
Filter creation GUI makes it easy to create filters
Follow a TCP stream & view it as a unified whole in ASCII
Supports many ...
ngrep, a sniffing tool that uses grep syntax
This one is interesting: ngrep is a network sniffing tool like tcpdump, but it uses grep syntax. Hmmmm … that might
be more appropriate for some users. You can read a very short little bit about it at
"Monitor network traffic with ngrep", which gives the absolute basics. Then download it
(Debian users, just use apt-get install ngrep) & try it out yourself!
The man page is very good, with lots of options (but no examples, sadly … but
the article I pointed to does provide a few of those).
(Check out all of my posts on grep &
sniffing.) ...







