Installing and Using dhcpdump

dhcpdump – sniffer utility for analyzing DHCP packets.

I will give an example of the installation command in Ubuntu/Debian:

sudo apt-get install dhcpdump

Installation in CentOS:

yum install dhcpdump

Let’s see what network interfaces are in the system:


Example of running dhcpdump with the name of the network interface:

dhcpdump -i eth0

An example of intercepting DHCP packets with only the specified MAC address ending:

dhcpdump -i eth0 -h ^02:b0:eb

I’ll give an example of displaying the result not on the screen, but in a file:

dhcpdump -i eth0 > file.txt

Starting a TFTP server in Windows

One of the options for running the tftp server on Windows is to download and run the application from the link

After running the application to test it, you need to run the tftp client, if it is not installed on Windows, we set it by typing:

dism /online /Enable-Feature /FeatureName:TFTP

Or you can also open the “Control Panel” – “Uninstall the program” or “Programs and components” – “Enable or disable Windows components”, tick the “TFTP Client” and click “OK”.

To transfer and download files from the TFTP server, open the command line and execute the commands:

tftp PUT file.txt
tftp GET file.txt

See also:
Installing and Configuring a TFTP Server in Ubuntu

Installing and using trafshow

trafshow – a utility for displaying traffic statistics passing through network interfaces.

Since the utility is included in the Netdiag (Net-Diagnostics) set, everything is installed together.

You can install Netdiag and trafshow in Ubuntu / Debian using the following command:

sudo apt-get install netdiag

In CentOS/RedHat/Fedora:

sudo yum install netdiag

Command viewing guide:

man trafshow

Simple launch:

sudo trafshow

I’ll describe the possible startup options:
-v (view the version of the program)
-n (do not convert the addresses into DNS names, and port numbers for example 80 in http, etc., in the running program, you can toggle the option with the N key)
-a len (summarizing traffic flows using the IP prefix IP netmask len, in the program is switched by pressing the A key)
-с conf (using an alternative color configuration instead of the standard / etc / trafshow)
-i name (indication of the network interface)
-s str (search for an item in the list and go to it)
-u port (listening to the specified UDP port for Cisco Netflow, the default number is 9995, to disable use 0)
-R refresh (update interval, default 2 secs, in the program is changed with the R key)
-P purge (cleaning of obsolete records after the specified time, by default 10 seconds, in the program is changed by the key P)
-F file (using a file for filters)
expr (what packages will be displayed, if not specified, then all)

Installing and using softflowd

Softflowd – NetFlow network traffic analyzer.

You can install in Ubuntu/Debian using the command:

sudo apt-get install softflowd

After installation, you need to open its configuration file, for example, in the nano editor (Ctrl+X for exit, y/n for saving or canceling changes):

sudo nano /etc/default/softflowd

And specify the parameters, for example:


After the changes, perform a restart:

sudo /etc/init.d/softflowd restart

Let’s look at the statistics of softflowd:

softflowctl statistics

If it is not running, there will be an error:

ctl connect(“/var/run/softflowd.ctl”) error: Connection refused

Display information about all monitored threads:

sudo softflowctl dump-flows

Information about softflowctl can be viewed by the command:

man softflowctl

I’ll describe other startup options:
-n (specify the network node and port on which will work softflowd)
-i (interface on which will work softflowd)
-r pcap_file (reading information from a file, not a network interface)
-p pidfile (alternative location for storing the process identifier, standard /var/run/
-c ctlsock (alternative location for the socket, standard /var/run/softflowd.ctl)
-m max_flows (maximum number of threads for simultaneous tracking)
-6 (consider also IPv6 data)
-D (debug mode)
-T track_level (level of tracking, can be full, proto, ip)
-v netflow_version (netflow version)

The reboot script of Wi-Fi routers TP-Link

Below is an example of the TP-Link router reboot script, I will test it on TL-WR720N 2.0 from Ubuntu Server.


# exit if router is down
ping -q -c 1 "$ROUTER_IP" > /dev/null || exit

curl --basic --user "$USERNAME:$PASSWORD" -A "Mozilla/4.73 [en] (X11; U; Linux 2.2.15 i686)" --refer "http://$ROUTER_IP" "$ROUTER_IP/userRpm/SysRebootRpm.htm?Reboot=reboot"

The contents of the script will be placed in a new file, for example, using the nano editor (“CTRL+X” to exit and “y” to save the changes):


And make it executable:

chmod 777

After this, we execute:


Similarly, you can perform other functions instead of rebooting.