Tcpdump

From wikinotes
Revision as of 02:29, 7 November 2021 by Will (talk | contribs)

Watch/record network traffic.

tcpdump -i eth0  # watch all traffic on eth0
tcpdump -T rpc   # decode captured packets as protocol 'rpc' (-T picks the decoder; it is not a filter)

# write to file
tcpdump -w out.pcap -i eth0
tshark -r out.pcap

# -n disables name resolution (prints IP addresses instead of hostnames);
# it may be useful to try the command with and without it
tcpdump -n -i eth0

# piping tcpdump using (-l)
tcpdump -l -i eth0 | grep "192.1"

# tcpdump specific host or port
tcpdump host 10.10.10.10 and port 22   # filter primitives must be joined with 'and'/'or'

# tcpdump specific protocol
tcpdump -i eth0 icmp   # options first, then the filter expression
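An added example, not part of this wiki page: a small POSIX shell pipeline that consumes the line-buffered `tcpdump -n -l` output shown above and counts TCP SYNs per source address, the quick triage a defender does when checking for a port scan or SYN flood. The sample lines are constructed, not a real capture; `eth0`, the function names and the threshold are assumptions.

```shell
# Constructed sample of `tcpdump -n -l -i eth0` output (not a real capture).
SAMPLE='12:00:01.000001 IP 10.0.0.5.51234 > 10.10.10.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000250 IP 10.10.10.10.22 > 10.0.0.5.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:02.100000 IP 10.0.0.7.40000 > 10.10.10.10.22: Flags [S], seq 3, win 64240, length 0
12:00:02.200000 IP 10.0.0.7.40001 > 10.10.10.10.22: Flags [S], seq 4, win 64240, length 0
12:00:03.000000 IP 10.0.0.7.40002 > 10.10.10.10.22: Flags [S], seq 5, win 64240, length 0
12:00:03.500000 IP 10.0.0.5 > 10.10.10.10: ICMP echo request, id 1, seq 1, length 64'

# syn_sources: read tcpdump -n line output on stdin and count pure SYNs
# (Flags [S], not [S.] SYN-ACK) per source IP. tcpdump prints the source as
# "a.b.c.d.port", so the port is the fifth dotted field and is dropped.
# Output: "<count> <src_ip>", highest count first.
syn_sources() {
    awk '$2 == "IP" && $7 == "[S]," {
            split($3, a, ".")
            print a[1] "." a[2] "." a[3] "." a[4]
         }' \
      | sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# syn_flood_suspects: print source IPs with more than $1 SYNs (default 2).
syn_flood_suspects() {
    syn_sources | awk -v thr="${1:-2}" '$1 > thr { print $2 }'
}

# Offline run on the constructed sample. On a live box the same functions take
# the real feed (assumed interface):  tcpdump -n -l -i eth0 tcp | syn_sources
printf '%s\n' "$SAMPLE" | syn_sources
```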