Tcpdump: Difference between revisions
From wikinotes
Line 7: | Line 7: | ||
# write to file | # write to file | ||
tcpdump -w out.pcap -i eth0 | tcpdump -w out.pcap -i eth0 | ||
tshark -r out.pcap | |||
# it may be useful to try command with/without (-n) | # it may be useful to try command with/without (-n) |
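Review bot: the line added in this revision, `tshark -r out.pcap`, sits directly under the `# write to file` comment but does the opposite of writing: it reads the capture back, and with tshark, which is part of Wireshark and is not installed alongside tcpdump on every box. Give it its own comment and note the tcpdump-only equivalent so the note stands on its own, e.g. `# read the capture back` followed by `tcpdump -r out.pcap` (or the tshark line as an alternative).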
Latest revision as of 02:29, 7 November 2021
Watch/record network traffic.
tcpdump -i eth0 # watch all traffic on eth0
tcpdump -T rpc # decode captured packets as 'rpc' (-T sets the decode type; it is not a filter)
# write to file
tcpdump -w out.pcap -i eth0
tshark -r out.pcap
# it may be useful to try the command with and without -n:
# -n prints IP addresses instead of resolving them to hostnames (no DNS lookups)
tcpdump -n -i eth0
# line-buffer the output (-l) so it can be piped to another command
tcpdump -l -i eth0 | grep "192.1"
# tcpdump specific host and port (filter primitives must be joined with 'and'/'or')
tcpdump host 10.10.10.10 and port 22
# tcpdump specific protocol (options first, filter expression last)
tcpdump -i eth0 icmp
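The file written by `tcpdump -w out.pcap` is the classic libpcap format, and the `host`, `port` and `icmp` primitives above select packets by fields in the IPv4 and transport headers. The following added example (not from the wiki page, and not tcpdump's or libpcap's own code) writes a small constructed capture in that format, reads it back the way `tcpdump -r`/`tshark -r` would, and applies the same three primitives joined with `and`. All function names (`write_pcap`, `read_pcap`, `parse_frame`, `matches`) and the sample addresses are assumptions chosen for the example; the pcap header layout and the IPv4/TCP/ICMP field offsets are the real ones.

```python
import struct

# pcap file constants (libpcap "classic" format, as written by tcpdump -w)
PCAP_MAGIC = 0xA1B2C3D4          # microsecond-resolution magic number
LINKTYPE_ETHERNET = 1
IPPROTO_ICMP, IPPROTO_TCP, IPPROTO_UDP = 1, 6, 17


def ipv4_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum, used for the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ip_bytes(addr: str) -> bytes:
    return bytes(int(o) for o in addr.split("."))


def build_frame(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Ethernet + IPv4 frame around `payload` (constructed sample traffic)."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                     proto, 0, ip_bytes(src), ip_bytes(dst))
    ip = ip[:10] + struct.pack("!H", ipv4_checksum(ip)) + ip[12:]   # fill checksum
    return eth + ip + payload


def icmp_echo(ident: int, seq: int) -> bytes:
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + b"wiki"   # type 8 = echo request
    return hdr[:2] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[4:]


def tcp_syn(sport: int, dport: int) -> bytes:
    # TCP checksum left as 0: the reader below never validates it
    return struct.pack("!HHIIBBHHH", sport, dport, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)


def write_pcap(frames, ts0: int = 1636250940) -> bytes:
    """Serialise frames like tcpdump -w: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", ts0 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data: bytes):
    """Yield (ts_sec, ts_usec, frame) per record, detecting byte order from the magic."""
    if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC:
        end = "<"
    elif struct.unpack(">I", data[:4])[0] == PCAP_MAGIC:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "IHHiIII", data[:24])[6] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are decoded here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):
            raise ValueError("truncated record (capture stopped mid-write?)")
        yield ts_sec, ts_usec, data[off:off + incl_len]
        off += incl_len


def parse_frame(frame: bytes):
    """Pull the fields the host/port/proto primitives look at, or None if not IPv4."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
    info = {"src": ".".join(map(str, frame[26:30])), "dst": ".".join(map(str, frame[30:34])),
            "proto": frame[23], "sport": None, "dport": None}
    l4 = frame[14 + ihl:]
    if info["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:
        info["sport"], info["dport"] = struct.unpack("!HH", l4[:4])
    return info


def matches(info, host=None, port=None, proto=None) -> bool:
    """Equivalent of `host X and port N and <proto>`: every given primitive must hold."""
    if info is None:
        return False
    if host is not None and host not in (info["src"], info["dst"]):
        return False
    if port is not None and port not in (info["sport"], info["dport"]):
        return False
    return proto is None or info["proto"] == proto


def count_matching(data: bytes, **filt) -> int:
    return sum(1 for _, _, frame in read_pcap(data) if matches(parse_frame(frame), **filt))


# Constructed sample capture: one ping and two TCP SYNs from the same client.
SAMPLE_FRAMES = [
    build_frame("192.168.1.5", "10.10.10.10", IPPROTO_ICMP, icmp_echo(0x1234, 1)),
    build_frame("192.168.1.5", "10.10.10.10", IPPROTO_TCP, tcp_syn(51234, 22)),
    build_frame("192.168.1.5", "10.10.10.11", IPPROTO_TCP, tcp_syn(40000, 443)),
]
SAMPLE_PCAP = write_pcap(SAMPLE_FRAMES)

if __name__ == "__main__":
    print("total packets:", count_matching(SAMPLE_PCAP))
    print("host 10.10.10.10 and port 22:", count_matching(SAMPLE_PCAP, host="10.10.10.10", port=22))
    print("icmp:", count_matching(SAMPLE_PCAP, proto=IPPROTO_ICMP))
```

`read_pcap` checks the magic in both byte orders because a capture copied from a big-endian host is still valid pcap, and it refuses a record whose length runs past the end of the file, which is what a capture interrupted mid-write looks like. Only the fields the three primitives need are decoded; real tcpdump compiles the filter to BPF and applies it in the kernel, so this mirrors the selection logic, not the mechanism.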