When you're doing a packet capture for the purpose of examining the frame payload, you'll want to extend the snaplen (snapshot length) to 1515. That's long enough to accommodate the 1500-byte MTU and should give you a pretty good look at what you're after.
For example:
# tcpdump -s1515 -X -ieth0 -w sample.cap
Note: The same applies to 'ethereal' and 'wireshark', but their default snaplen is already max(INT), so no change is needed there.
You need to get someone into an internal machine that doesn't have a public IP? Use an SSH tunnel. For this example, machine_a is your internal machine and machine_b is external:
$ ssh -R 9000:localhost:22 you@machine_b
Once you've logged in, you should be able to run this on machine_b (the forwarded port 9000 listens on machine_b's loopback interface, so it has to be used from machine_b itself):
$ ssh -p 9000 you@localhost
Finger the kernel.org finger server to get current kernel versions:
$ finger @finger.kernel.org
[zeus-pub.kernel.org]
Trying 204.152.191.5...
The latest stable version of the Linux kernel is: 2.6.13.1
The latest snapshot for the stable Linux kernel tree is: 2.6.13-git9
The latest 2.4 version of the Linux kernel is: 2.4.31
The latest prepatch for the 2.4 Linux kernel tree is: 2.4.32-pre3
The latest 2.2 version of the Linux kernel is: 2.2.26
The latest prepatch for the 2.2 Linux kernel tree is: 2.2.27-rc2
The latest 2.0 version of the Linux kernel is: 2.0.40
The latest -ac patch to the stable Linux kernels is: 2.6.11-ac7
The latest -mm patch to the stable Linux kernels is: 2.6.13-mm2
You can use the lsof (LiSt Open Files) utility to view information about which processes own file handles on a system. Since sockets map to file descriptors, lsof will show you which processes own socket connections. If you see that your machine is connected to another on TCP port 6234 (source or dest) and you want to find out which process(es) are responsible for the connection, run:
# lsof -ni tcp:6234
Note that when run as an unprivileged user, lsof will only show you file descriptors that you have permission to see. You must run lsof as root to see everything in the kernel.
Open about:config in a new tab and make the following changes:
network.http.pipelining -> True
network.http.pipelining.maxrequests -> 10
Anywhere on the screen, right-click and add a new integer:
nglayout.initialpaint.delay -> 0
If you're using a proxy, also change the proxy versions:
network.http.pipelining.proxy.pipelining -> True
WARNING: Be conservative when setting your pipelining settings. To the untrained eye this feature looks like a DoS attempt on the server side and might get you blocked.
You can use the -l <kilobits_per_sec> option with scp (NOT ssh or sftp) to restrict the bandwidth used to transfer files:
$ scp -l 200 user@host:~/files .
Netcat is a handy little utility for scripting all manner of network functionality. Here we're making sure a web server is responding as we'd expect:
$ (echo "GET / HTTP/1.1"; echo "Host: www.xinu.org"; echo) | nc www.xinu.org 80
If you need to upload an entire directory structure, check out wput on sourceforge.net. It works the same way as wget, only in the other direction (i.e., it likewise supports various protocols).
Thanks to Aronalle for this tip!
Due to the checksum offloading logic that's built into most current NICs, you'll sometimes get several TCP checksum errors in your Wireshark packet captures (outbound packets are captured before the NIC has filled in the checksum). To prevent this, you can go into Edit > Preferences and choose TCP in the left frame. In the right frame, un-check 'Validate the checksum if possible'.
If you want to use tcpdump to watch initiating connections (that is, segments with only the SYN flag set, meaning we're looking at the first step of the three-way handshake) on ports 80 and 443, you could do something like this:
# tcpdump '(tcp[13] & 0x3f = 2) and (dst port 80 or dst port 443)'
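As an added example (not part of the original tip), the same filter expressed in Python over constructed IPv4/TCP packets with no IP or TCP options. It also shows why the mask is 0x3f rather than a comparison of the whole flags byte: the two ECN bits above the mask are ignored, so an ECN-setup SYN still matches while a SYN-ACK does not.

```python
import struct

# TCP flag bit values (RFC 793 / RFC 3168)
FIN, SYN, RST, PSH, ACK, URG, ECE, CWR = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80

def build_ipv4_tcp(src_port: int, dst_port: int, flags: int) -> bytes:
    """Return a constructed IPv4 (20-byte) + TCP (20-byte) packet; checksums left zero."""
    ver_ihl = (4 << 4) | 5                        # IPv4, IHL 5 -> 20-byte header
    ip_hdr = struct.pack("!BBHHHBBH4s4s", ver_ihl, 0, 40, 0, 0, 64, 6, 0,
                         bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    data_offset = 5 << 4                          # TCP header length 5 * 4 = 20 bytes
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                          data_offset, flags, 8192, 0, 0)
    return ip_hdr + tcp_hdr

def tcp_header(packet: bytes) -> bytes:
    """Locate the TCP header the way tcpdump's 'tcp[n]' does: skip IHL * 4 bytes."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[ihl:]

def is_initial_syn(packet: bytes) -> bool:
    """Python equivalent of '(tcp[13] & 0x3f = 2) and (dst port 80 or dst port 443)'."""
    tcp = tcp_header(packet)
    flags_byte = tcp[13]                          # byte 13 of the TCP header: flag bits
    dst_port = struct.unpack("!H", tcp[2:4])[0]
    # 0x3f keeps FIN, SYN, RST, PSH, ACK, URG and discards ECE/CWR in the top two
    # bits, so a SYN that also sets the ECN flags still counts as "SYN only".
    syn_only = (flags_byte & 0x3F) == 0x02
    return syn_only and dst_port in (80, 443)

# Constructed sample packets for this example
SAMPLES = {
    "syn_to_80":       build_ipv4_tcp(40001, 80, SYN),
    "ecn_syn_to_443":  build_ipv4_tcp(40002, 443, SYN | ECE | CWR),
    "syn_ack_from_80": build_ipv4_tcp(80, 40001, SYN | ACK),
    "syn_to_22":       build_ipv4_tcp(40003, 22, SYN),
    "data_to_80":      build_ipv4_tcp(40001, 80, PSH | ACK),
}

def classify(samples=SAMPLES) -> dict:
    """Apply the filter to each sample; True means tcpdump would print that packet."""
    return {name: is_initial_syn(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, matched in classify().items():
        print(f"{name:16s} -> {'match' if matched else 'no match'}")
```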