User Tools
network:tcpdump
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
network:tcpdump [2014/05/02 11:07] tschulz created |
network:tcpdump [2014/05/02 11:10] (current) tschulz |
||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ====== TCPDump Examples ====== | ====== TCPDump Examples ====== | ||
| + | From: [[http://www.rationallyparanoid.com/articles/tcpdump.html]] | ||
| + | |||
| See the list of interfaces on which tcpdump can listen: | See the list of interfaces on which tcpdump can listen: | ||
| - | tcpdump -D | + | <file>tcpdump -D</file> |
| Listen on interface eth0: | Listen on interface eth0: | ||
| - | tcpdump -i eth0 | + | <file>tcpdump -i eth0</file> |
| Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater): | Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater): | ||
| - | tcpdump -i any | + | <file>tcpdump -i any</file> |
| Be verbose while capturing packets: | Be verbose while capturing packets: | ||
| - | tcpdump -v | + | <file>tcpdump -v</file> |
| Be more verbose while capturing packets: | Be more verbose while capturing packets: | ||
| - | tcpdump -vv | + | <file>tcpdump -vv</file> |
| Be very verbose while capturing packets: | Be very verbose while capturing packets: | ||
| - | tcpdump -vvv | + | <file>tcpdump -vvv</file> |
| Be less verbose (than the default) while capturing packets: | Be less verbose (than the default) while capturing packets: | ||
| - | tcpdump -q | + | <file>tcpdump -q</file> |
| Limit the capture to 100 packets: | Limit the capture to 100 packets: | ||
| - | tcpdump -c 100 | + | <file>tcpdump -c 100</file> |
| Record the packet capture to a file called capture.cap: | Record the packet capture to a file called capture.cap: | ||
| - | tcpdump -w capture.cap | + | <file>tcpdump -w capture.cap</file> |
| Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time: | Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time: | ||
| - | tcpdump -v -w capture.cap | + | <file>tcpdump -v -w capture.cap</file> |
| Display the packets of a file called capture.cap: | Display the packets of a file called capture.cap: | ||
| - | tcpdump -r capture.cap | + | <file>tcpdump -r capture.cap</file> |
| Display the packets using maximum detail of a file called capture.cap: | Display the packets using maximum detail of a file called capture.cap: | ||
| - | tcpdump -vvv -r capture.cap | + | <file>tcpdump -vvv -r capture.cap</file> |
| Display IP addresses and port numbers instead of domain and service names when capturing packets: | Display IP addresses and port numbers instead of domain and service names when capturing packets: | ||
| - | tcpdump -n | + | <file>tcpdump -n</file> |
| Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers: | ||
| - | tcpdump -n dst host 192.168.1.1 | + | <file>tcpdump -n dst host 192.168.1.1</file> |
| Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers: | ||
| - | tcpdump -n src host 192.168.1.1 | + | <file>tcpdump -n src host 192.168.1.1</file> |
| Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers: | Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers: | ||
| - | tcpdump -n host 192.168.1.1 | + | <file>tcpdump -n host 192.168.1.1</file> |
| Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
| - | tcpdump -n dst net 192.168.1.0/24 | + | <file>tcpdump -n dst net 192.168.1.0/24</file> |
| Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
| - | tcpdump -n src net 192.168.1.0/24 | + | <file>tcpdump -n src net 192.168.1.0/24</file> |
| Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers: | Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers: | ||
| - | tcpdump -n net 192.168.1.0/24 | + | <file>tcpdump -n net 192.168.1.0/24</file> |
| Capture any packets where the destination port is 23. Display IP addresses and port numbers: | Capture any packets where the destination port is 23. Display IP addresses and port numbers: | ||
| - | tcpdump -n dst port 23 | + | <file>tcpdump -n dst port 23</file> |
| Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
| - | tcpdump -n dst portrange 1-1023 | + | <file>tcpdump -n dst portrange 1-1023</file> |
| Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
| - | tcpdump -n tcp dst portrange 1-1023 | + | <file>tcpdump -n tcp dst portrange 1-1023</file> |
| Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers: | ||
| - | tcpdump -n udp dst portrange 1-1023 | + | <file>tcpdump -n udp dst portrange 1-1023</file> |
| Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers: | Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers: | ||
| - | tcpdump -n "dst host 192.168.1.1 and dst port 23" | + | <file>tcpdump -n "dst host 192.168.1.1 and dst port 23"</file> |
| Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers: | Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers: | ||
| - | tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)" | + | <file>tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"</file> |
| Capture any ICMP packets: | Capture any ICMP packets: | ||
| - | tcpdump -v icmp | + | <file>tcpdump -v icmp</file> |
| Capture any ARP packets: | Capture any ARP packets: | ||
| - | tcpdump -v arp | + | <file>tcpdump -v arp</file> |
| Capture either ICMP or ARP packets: | Capture either ICMP or ARP packets: | ||
| - | tcpdump -v "icmp or arp" | + | <file>tcpdump -v "icmp or arp"</file> |
| Capture any packets that are broadcast or multicast: | Capture any packets that are broadcast or multicast: | ||
| - | tcpdump -n "broadcast or multicast" | + | <file>tcpdump -n "broadcast or multicast"</file> |
| Capture 500 bytes of data for each packet rather than the default of 68 bytes: | Capture 500 bytes of data for each packet rather than the default of 68 bytes: | ||
| - | tcpdump -s 500 | + | <file>tcpdump -s 500</file> |
| Capture all bytes of data within the packet: | Capture all bytes of data within the packet: | ||
| - | tcpdump -s 0 | + | <file>tcpdump -s 0</file> |
network/tcpdump.1399046825.txt.gz · Last modified: 2014/05/02 11:07 by tschulz
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
