====== tcpdump ======
==== Filtering ====

tcpdump selects packets with pcap filter expressions (the same syntax Wireshark uses for capture filters). The full grammar is in the manual page:
<code bash>
man 7 pcap-filter
</code>
==== Port include ====
<code bash>
# tcpdump -n -tttt -i rl0 dst port 22102
</code>
''-n'' disables name resolution, ''-tttt'' prints a full date and time stamp on every line. TCP and UDP ports are 16-bit values (0 to 65535); a larger number such as 221027 is rejected when tcpdump compiles the filter.

==== Host include ====
<code bash>
# tcpdump -n -tttt -i rl0 host 192.168.10.2
</code>
''host'' matches the address as source or destination; use ''src host'' or ''dst host'' for one direction only.

==== SSH exclude ====
<code bash>
# tcpdump -n -i rl0 'not port 22'
</code>
Quote the expression so the shell does not interpret it. This is the usual way to keep your own SSH session out of a capture taken over SSH.
==== Dump full packets for Wireshark ====
<code bash>
# tcpdump -s 65535 -w /
</code>
''-s 65535'' sets the snapshot length to the whole packet. Old tcpdump versions defaulted to a 68-byte snaplen, which truncates payloads in the saved file; current versions capture full packets by default, and ''-s 0'' means the same. ''-w'' writes raw pcap instead of decoded text, which is what Wireshark reads.

==== Filter IPv6 Network ====
<code bash>
# tcpdump -n 'net 2001:
</code>

==== Show IPsec packets ====
<code bash>
# tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50'
</code>
''udp port 500'' is IKE, ''udp port 4500'' is IKE and ESP with NAT traversal, ''ip proto 50'' is ESP. Add ''ip proto 51'' to also see AH, and ''ip6 proto 50'' for ESP carried directly over IPv6. ''-p'' keeps the interface out of promiscuous mode.
==== Dump for Wireshark with rotation ====
<code bash>
# tcpdump -i lo -G $((10*60)) -s 65535 -w /
</code>

  * -i lo
    * Listen on the loopback interface.
  * -G $((10*60))
    * Rotate the dump file every 10 minutes; the argument is in seconds.
  * -s 65535
    * Capture the full packet.
  * -w /
    * Save the dump to the file. The file name is passed through strftime(3), so each rotation gets a timestamped name. Ex. test.2015-08-11T12:
  * -Z root
    * Keep running as root instead of dropping privileges to the tcpdump user after the capture device is opened. //I had some permission problems with the default user (tcpdump)//
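The include/exclude filters and the rotation recipe above, assembled into a small POSIX sh wrapper as an added example (not a script from the original wiki page). It checks port numbers against the 16-bit range before handing the expression to tcpdump, joins filter terms with ''and'', converts a rotation interval in minutes to the seconds that ''-G'' expects, and prints the resulting command instead of running it. The function names and the output template ''/var/tmp/test.%Y-%m-%dT%H:%M:%S.pcap'' are assumptions for the example.

```shell
#!/bin/sh
# Added example for this wiki page (not the page's own script): build a
# validated tcpdump command line for the include/exclude and rotation
# recipes. Dry-run only: it prints the command, it does not run tcpdump.

# valid_port PORT: succeed if PORT is a decimal integer in 0..65535.
# tcpdump itself rejects a larger value when it compiles the filter.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# build_filter TYPE VALUE [TYPE VALUE ...]: print a pcap-filter expression.
# TYPE is one of host, net, dstport, notport; terms are joined with 'and'.
build_filter() {
    expr=''
    while [ $# -ge 2 ]; do
        case "$1" in
            host)    term="host $2" ;;
            net)     term="net $2" ;;
            dstport) valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
                     term="dst port $2" ;;
            notport) valid_port "$2" || { echo "bad port: $2" >&2; return 1; }
                     term="not port $2" ;;
            *)       echo "unknown filter term: $1" >&2; return 1 ;;
        esac
        expr="${expr:+$expr and }$term"
        shift 2
    done
    [ $# -eq 0 ] || { echo "dangling argument: $1" >&2; return 1; }
    printf '%s' "$expr"
}

# tcpdump_cmd IFACE MINUTES OUTFILE FILTER: print the tcpdump invocation.
#   -n        no name resolution
#   -s 65535  full packets (old tcpdump defaulted to a 68-byte snaplen)
#   -G        rotate every N seconds; strftime(3) escapes in OUTFILE expand
#   -Z root   stay root instead of dropping to the tcpdump user, so the
#             rotated files can be written wherever OUTFILE points
tcpdump_cmd() {
    iface=$1 minutes=$2 outfile=$3 filter=$4
    case "$minutes" in
        ''|*[!0-9]*) echo "bad interval: $minutes" >&2; return 1 ;;
    esac
    secs=$((minutes * 60))
    printf "tcpdump -n -i %s -G %d -s 65535 -Z root -w '%s' '%s'\n" \
        "$iface" "$secs" "$outfile" "$filter"
}

# Demo with TCPDUMP_DEMO=1. The output template is an assumption for this
# example; the wiki page does not show its own -w path in full.
if [ "${TCPDUMP_DEMO:-0}" = 1 ]; then
    tcpdump_cmd lo 10 '/var/tmp/test.%Y-%m-%dT%H:%M:%S.pcap' \
        "$(build_filter host 192.168.10.2 notport 22)"
fi
```

Run it with ''TCPDUMP_DEMO=1 sh wrapper.sh'' to see the assembled command; paste that into a root shell to start the rotating capture. The wrapper deliberately refuses ''dstport 221027'' rather than letting tcpdump fail later with a filter compile error.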
apps/tcpdump.txt · Last modified: 2023-09-09 15:13 by Manuel Frei