apps:tcpdump

Differences

This shows you the differences between two versions of the page.


apps:tcpdump [2024-09-24 01:18] Manuel Frei
apps:tcpdump [2025-01-29 12:36] (current) – icmp Manuel Frei
Line 74: Line 74:
 <code bash> <code bash>
 tcpdump -i eth0 -nn "(tcp[tcpflags] == tcp-syn) or (ip6 and (ip6[6] == 0x06) and (ip6[53] == 0x02))" tcpdump -i eth0 -nn "(tcp[tcpflags] == tcp-syn) or (ip6 and (ip6[6] == 0x06) and (ip6[53] == 0x02))"
 +</code>
 +
 +==== ICMP without echo request/reply ====
 +
 +<code bash>
 +tcpdump -ni eth0 'icmp[icmptype] != icmp-echo and icmp[icmptype] != icmp-echoreply' -v
 </code> </code>
  
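Review bot: the new "ICMP without echo request/reply" filter covers IPv4 only; `icmp[icmptype]` reads the IPv4 ICMP header, so on a dual-stack eth0 all ICMPv6 traffic (neighbour discovery, router advertisements, ICMPv6 errors) is silently excluded. If the section is meant as a general "ICMP noise minus ping" view, consider adding the ICMPv6 counterpart from pcap-filter(7), e.g. `... or (icmp6 and icmp6[icmp6type] != icmp6-echo and icmp6[icmp6type] != icmp6-echoreply)`, or state in the heading that it is IPv4 only, the same way the SYN example just above spells out its IPv6 half explicitly. Minor style point: the other commands on the page place all options before the filter expression; `-v` trailing the expression works here only because getopt permutes arguments, so `tcpdump -v -ni eth0 '...'` would be both consistent and unambiguous.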
Line 90: Line 96:
 ==== Dump for Wireshark with rotation ==== ==== Dump for Wireshark with rotation ====
 <code bash> <code bash>
-tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root+tcpdump -i lo -G $((10*60)) -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root
 </code> </code>
  
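Review bot: removing `-s 65535` is correct for current tcpdump, whose default snaplen is 262144 bytes, large enough for the full 64 KiB frames that `lo` can carry, so the dump is still complete; but the page nowhere says that the default is relied upon, and on an old tcpdump with its small default snaplen this command would produce truncated packets without warning. A one-line remark near the command ("no -s needed, modern default snaplen is 262144") would keep the rotation example self-explanatory. Separately, `-Z root` means tcpdump never drops privileges after opening the capture; since the only thing it needs afterwards is write access to /tmp, passing a dedicated unprivileged user to `-Z` would limit the impact of a parser bug in tcpdump while the long-running rotating capture is reading untrusted traffic.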
Line 98: Line 104:
   * -G <nowiki>$((10*60))</nowiki>   * -G <nowiki>$((10*60))</nowiki>
     * Rotate logs every 10 minutes.     * Rotate logs every 10 minutes.
- 
-  * -s 65535 
-    * Capture full package. 
  
   * -w /tmp/test.%Y-%m-%dT%H:%M.pcap   * -w /tmp/test.%Y-%m-%dT%H:%M.pcap
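Review bot: with the `-s 65535` bullet deleted, the option list no longer explains how much of each packet is written, which is exactly the question a reader looking at a rotating Wireshark dump will ask (the deleted bullet also had the typo "package" for "packet", which would be worth fixing rather than carrying forward). Suggest replacing the deleted item instead of dropping it, e.g. `  * no -s given` / `    * The default snaplen of current tcpdump (262144 bytes) captures full packets.`, so nobody re-adds `-s 65535` out of habit and the bullets stay in step with the command in the hunk above.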
apps/tcpdump.1727133512.txt.gz · Last modified: 2024-09-24 01:18 by Manuel Frei