I opened a port to my router which is linked to a media server I got set up and its accessible from anywhere, so my intention is to monitor the requests sent to this server (essentially, sent to this port)
Is there a way to sniff this port (not with wireshark, I want to sniff this port and this port only- even a cmd window with timestamps ans ips will do)
I assume you're using Linux. Try the Tshark tool.
sudo apt-get update
sudo apt-get install tshark
sudo usermod -a -G wireshark your-user-name
Replace the your-user-name with your real name of user, which will use Tshark.
Filtering packets and fields in the output:
tshark -i eth0 -n -l -f "tcp dst port 80 and tcp[tcpflags] & (tcp-syn) != 0 and tcp[tcpflags] & (tcp-ack) = 0" 2>/dev/null | awk -F " " '{ print $3 " " $4; }'
Replace port 80 with the TCP port number that you want to monitor and eth0 with your interface name.
Example of otput:
00:30:53,317023498 10.1.1.111
00:31:01,108270223 10.1.1.111
The first field is the current time of day, i.e. 00 hours 30 minutes 53 sec.
The second field is the IP address of the device that connects to port 80.
Only packets are captured and analyzed when a new connection is initiated, i.e. which have flags SYN=1 and ACK=0.
If you're using Windows, the parameters for Tshark will remain the same, except you need to use a different method instead of the awk filter to select the time and the IP address fields.
