The tcpsound(1) utility will play sounds in response to network traffic permitting a user to literally listen to a network. Specifically tcpsound forks a pseudo terminal in which to run tcpdump(8), parses that output, and plays a wide variety of user configuable sounds. Interpreting the output of tcpdump in a pty permits tcpsound to first ssh(1) to a remote host if desired.
-h - print usage
-c <configfile> - load sound rules from <configfile> rather than the default file ${HOME}/.tcpsound. The properties supported in the configuration file are:
searchpath - A colon ':' separated list of directories in which to search for wav files.
remoteprompt - A string matching the command prompt of a remote shell if the -r option is used. The default is '# '. Quotes are note permitted in properties files and all leading and trailing space will be trimmed if it is not excaped. Thus to preserve a trailing space in the string it will be necessary to use something like the following: 'remoteprompt = root$\\ ' where the last character on the line is a space. See -r description below.
snd.* - A match rule that specifies which sound to play in response to a network packet. Full property names are arbirary but all property keys must be uniqe. Each value is a comma separated list defined in order as follows:
protocol; 1 is ARP, 2 is IP, 3 is ICMP
source port number or 0 for any port
destination port number or 0 for any port
filename of wav file to play if rule matches
Match Rule Examples:
Incoming or outgoing packets on port 25 (smtp) play cuckoo.wav:
snd.foo.bar = 2,25,25,cuckoo.wav
Incoming HTTP packets play KDE_Click.wav whereas outgoing HTTP packets play info.wav:
snd.http.in = 2,0,80,KDE_Click.wav
snd.http.out = 2,80,0,info.wav
Play the default Windows sound when an MS-RPC packet is encountered (provided you have the winnt/Media directory in your searchpath):
snd.windoze = 2,135,135,ding.wav
-r <user@sshhost> - run tcpdump on a different host. The pty will temporarily relinquish control to the parent terminal until a remote prompt is encountered (default of '# ' may be changed with the remoteprompt property) at which point tcpsound will start tcpdump.
All remaining parameters are passed uninterpreted to tcpdump although the tcpdump -nn option will be prefixed to all tcpdump options as the resulting output format is required by the tcpsound interpreter.
Examples:
Run tcpdump on a remote host. Note it is important to exclude ssh traffic as each packet printed will generate ssh traffic which will print more packets and more traffic ad infinitum.
# tcpdump -r mysvr.com ! port ssh
Use a custom sounds file and monitor traffic on a remote host except ports 22, 53, and 80.
$ tcpdump -c sasser.cfg -r root@router10.acme.com ! port ssh and ! port 53 and ! port 80