apps:tcpdump
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| apps:tcpdump [2019-04-26 10:44] – [Dump for Wireshark with rotation] root | apps:tcpdump [2023-09-09 15:13] (current) – Manuel Frei | ||
|---|---|---|---|
| Line 10: | Line 10: | ||
| ==== Port include ==== | ==== Port include ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -n -tttt -i rl0 dst port 221027 | + | tcpdump -n -tttt -i rl0 dst port 221027 |
| </ | </ | ||
| ==== Host include ==== | ==== Host include ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -n -tttt -i rl0 host 192.168.10.2 | + | tcpdump -n -tttt -i rl0 host 192.168.10.2 |
| </ | </ | ||
| ==== SSH exclude ==== | ==== SSH exclude ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -n -i rl0 'not port 22' | + | tcpdump -n -i rl0 'not port 22' |
| </ | </ | ||
| ==== Dump full Packages for Wireshark ==== | ==== Dump full Packages for Wireshark ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -s 65535 -w / | + | tcpdump -s 65535 -w / |
| </ | </ | ||
| ==== Filter IPv6 Network ==== | ==== Filter IPv6 Network ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -n 'net 2001: | + | tcpdump -n 'net 2001: |
| </ | </ | ||
| | | ||
| ==== Show IPsec packets ==== | ==== Show IPsec packets ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' | + | tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' |
| </ | </ | ||
| ==== Dump for Wireshark with rotation ==== | ==== Dump for Wireshark with rotation ==== | ||
| <code bash> | <code bash> | ||
| - | # tcpdump -i lo -G $((10*60)) -s 65535 -w / | + | tcpdump -i lo -G $((10*60)) -s 65535 -w / |
| </ | </ | ||
apps/tcpdump.txt · Last modified: 2023-09-09 15:13 by Manuel Frei