I am interested to see the first packet my system sends out during boot time. Therefore, I am wondering if there's a better way than using a virtual OS.
- Plug it into a hub or mirrored switch port and sniff traffic with a different computer while it boots. – ivanivan, Dec 21, 2017 at 16:41
- If only I had a hub, and another computer. :( – Shalom Ray, Dec 21, 2017 at 16:57
- You can activate firewall rules before putting the network interfaces up, and you can add a rule that logs all traffic sent. – Patrick Mevzek, Dec 23, 2017 at 3:47
1 Answer
I would add a system service (script) starting before the network does, which would launch tcpdump. Depending on the Linux distro, this would occur either in
- init scripts (e.g. /etc/rc3.d/, assuming runlevel 3 on an 'init'-driven system)
- or systemd settings (/etc/systemd/system)
Note: as I post this, I have a doubt whether the tcpdump command will be accepted before the network is started...
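
A systemd unit along the lines this answer describes, as an added example that is not part of the original answer. The unit name, capture path and tcpdump location are assumptions, and `-i any` is used because tcpdump refuses to open a named interface that does not exist yet or is still down.

```ini
# /etc/systemd/system/boot-capture.service   (hypothetical unit name)
[Unit]
Description=Capture packets from before the network is configured
# Opt out of the implicit After=basic.target ordering so the unit can run early.
DefaultDependencies=no
# network-pre.target is ordered before every network management service, but it
# is only part of the boot transaction when some unit pulls it in with Wants=.
Wants=network-pre.target
Before=network-pre.target
# The capture file is written to a local filesystem, so wait for the mounts.
After=local-fs.target
# Standard shutdown handling for units that set DefaultDependencies=no.
Conflicts=shutdown.target
Before=shutdown.target

[Service]
# Type=simple marks the unit started as soon as the process is forked, slightly
# before tcpdump has opened its capture socket; network services start after that.
Type=simple
# -i any   pseudo-device not bound to one interface, so it opens while links are down
# -n       no name resolution, so tcpdump does not generate DNS traffic of its own
# -U       flush each packet to the file, so an early reboot loses little
# -Z root  keep root; some distro builds otherwise drop to a "tcpdump" user before
#          opening the output file, which fails in a root-owned directory
# -w       raw pcap output (assumed path; adjust the tcpdump path for your distro)
ExecStart=/usr/sbin/tcpdump -i any -n -U -Z root -w /var/log/boot-capture.pcap

[Install]
WantedBy=sysinit.target
```

Enable it with `systemctl enable boot-capture.service`, reboot, and read the result with `tcpdump -n -r /var/log/boot-capture.pcap`. The capture includes loopback and inbound traffic as well, so filter on the outbound interface address when looking for the first packet sent.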