Dump traffic on a network with tcpdump

tcpdump is a command line packet analyzer.

Intro

Configuration

Some options

Operators

root@host:~# tcpdump -nnvvS and src 10.5.2.3 and dst port 3389
root@host:~# tcpdump -nvX src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16
root@host:~# tcpdump -vv src mars and not dst port 22
root@host:~# tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'

Examples

root@host:~# tcpdump host 1.2.3.4
root@host:~# tcpdump src 1.2.3.4
root@host:~# tcpdump icmp
root@host:~# tcpdump port 443
root@host:~# tcpdump portrange 443-445
root@host:~# tcpdump src port 443
root@host:~# tcpdump src port 443 and tcp
root@host:~# tcpdump -i eth1 -w %F_%H%M -G 3600
root@host:~# apt-get install tshark
root@host:~# editcap -F libpcap -A "2015-06-02 17:10:00" -B "2015-06-02 17:20" 2015-06-02_1631 2015-06-02_1710_1720.NEW

Source : http://www.danielmiessler.com/study/tcpdump/

Licence Creative Commons
This website http://shebangthedolphins.net is licensed to the public under a licence Creative Commons Attribution licence.
Contact :