This shows you the differences between two versions of the page.
network:tcpdump [2014/05/02 11:07] tschulz created |
network:tcpdump [2014/05/02 11:10] tschulz |
||
---|---|---|---|
Line 2: | Line 2: | ||
See the list of interfaces on which tcpdump can listen: | See the list of interfaces on which tcpdump can listen: | ||
- | tcpdump -D | + | <file>tcpdump -D</file> |
Listen on interface eth0: | Listen on interface eth0: | ||
- | tcpdump -i eth0 | + | <file>tcpdump -i eth0</file> |
Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater): | Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater): | ||
- | tcpdump -i any | + | <file>tcpdump -i any</file> |
Be verbose while capturing packets: | Be verbose while capturing packets: | ||
- | tcpdump -v | + | <file>tcpdump -v</file> |
Be more verbose while capturing packets: | Be more verbose while capturing packets: | ||
- | tcpdump -vv | + | <file>tcpdump -vv</file> |
Be very verbose while capturing packets: | Be very verbose while capturing packets: | ||
- | tcpdump -vvv | + | <file>tcpdump -vvv</file> |
Be less verbose (than the default) while capturing packets: | Be less verbose (than the default) while capturing packets: | ||
- | tcpdump -q | + | <file>tcpdump -q</file> |
Limit the capture to 100 packets: | Limit the capture to 100 packets: | ||
- | tcpdump -c 100 | + | <file>tcpdump -c 100</file> |
Record the packet capture to a file called capture.cap: | Record the packet capture to a file called capture.cap: | ||
- | tcpdump -w capture.cap | + | <file>tcpdump -w capture.cap</file> |
Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time: | Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time: | ||
- | tcpdump -v -w capture.cap | + | <file>tcpdump -v -w capture.cap</file> |
Display the packets of a file called capture.cap: | Display the packets of a file called capture.cap: | ||
- | tcpdump -r capture.cap | + | <file>tcpdump -r capture.cap</file> |
Display the packets using maximum detail of a file called capture.cap: | Display the packets using maximum detail of a file called capture.cap: | ||
- | tcpdump -vvv -r capture.cap | + | <file>tcpdump -vvv -r capture.cap</file> |
Display IP addresses and port numbers instead of domain and service names when capturing packets: | Display IP addresses and port numbers instead of domain and service names when capturing packets: | ||
- | tcpdump -n | + | <file>tcpdump -n</file> |
Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers: | ||
- | tcpdump -n dst host 192.168.1.1 | + | <file>tcpdump -n dst host 192.168.1.1</file> |
Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers: | ||
- | tcpdump -n src host 192.168.1.1 | + | <file>tcpdump -n src host 192.168.1.1</file> |
Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers: | ||
- | tcpdump -n host 192.168.1.1 | + | <file>tcpdump -n host 192.168.1.1</file> |
Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
- | tcpdump -n dst net 192.168.1.0/24 | + | <file>tcpdump -n dst net 192.168.1.0/24</file> |
Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
- | tcpdump -n src net 192.168.1.0/24 | + | <file>tcpdump -n src net 192.168.1.0/24</file> |
Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
- | tcpdump -n net 192.168.1.0/24 | + | <file>tcpdump -n net 192.168.1.0/24</file> |
Capture any packets where the destination port is 23. Display IP addresses and port numbers: | Capture any packets where the destination port is 23. Display IP addresses and port numbers: | ||
- | tcpdump -n dst port 23 | + | <file>tcpdump -n dst port 23</file> |
Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
- | tcpdump -n dst portrange 1-1023 | + | <file>tcpdump -n dst portrange 1-1023</file> |
Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
- | tcpdump -n tcp dst portrange 1-1023 | + | <file>tcpdump -n tcp dst portrange 1-1023</file> |
Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
- | tcpdump -n udp dst portrange 1-1023 | + | <file>tcpdump -n udp dst portrange 1-1023</file> |
Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers: | Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers: | ||
- | tcpdump -n "dst host 192.168.1.1 and dst port 23" | + | <file>tcpdump -n "dst host 192.168.1.1 and dst port 23"</file> |
Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers: | Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers: | ||
- | tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)" | + | <file>tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"</file> |
Capture any ICMP packets: | Capture any ICMP packets: | ||
- | tcpdump -v icmp | + | <file>tcpdump -v icmp</file> |
Capture any ARP packets: | Capture any ARP packets: | ||
- | tcpdump -v arp | + | <file>tcpdump -v arp</file> |
Capture either ICMP or ARP packets: | Capture either ICMP or ARP packets: | ||
- | tcpdump -v "icmp or arp" | + | <file>tcpdump -v "icmp or arp"</file> |
Capture any packets that are broadcast or multicast: | Capture any packets that are broadcast or multicast: | ||
- | tcpdump -n "broadcast or multicast" | + | <file>tcpdump -n "broadcast or multicast"</file> |
Capture 500 bytes of data for each packet rather than the default of 68 bytes: | Capture 500 bytes of data for each packet rather than the default of 68 bytes: | ||
- | tcpdump -s 500 | + | <file>tcpdump -s 500</file> |
Capture all bytes of data within the packet: | Capture all bytes of data within the packet: | ||
- | tcpdump -s 0 | + | <file>tcpdump -s 0</file> |
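Review bot: The snaplen description near the end of the hunk ("Capture 500 bytes of data for each packet rather than the default of 68 bytes") states a default that only holds for old tcpdump builds; current releases default to 262144 bytes, so either name the version the 68 applies to or reword it as "rather than the default snapshot length". The three portrange descriptions still read "destination port is is between" on both sides of the diff, and since this revision rewrites the command under each of them, the doubled word should be fixed in the same edit. The new <file> wrapper is DokuWiki's tag for showing file contents; <code> is the conventional tag for one-line shell commands such as "tcpdump -D".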