apps:tcpdump
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
apps:tcpdump [2014-12-18 20:08] – external edit 127.0.0.1 | apps:tcpdump [2023-09-09 15:13] (current) – Manuel Frei | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== tcpdump ====== | ====== tcpdump ====== | ||
- | == Port include | + | ==== Filtering ==== |
- | # tcpdump -n -tttt -i rl0 dst port 22102 | + | |
- | == Host include == | + | tcpdump uses packet filter syntax for filtering. For help see |
- | # tcpdump | + | <code bash> |
+ | man 7 pcap-filter | ||
+ | </ | ||
- | == SSH exclude | + | ==== Port include ==== |
- | # | + | <code bash> |
+ | tcpdump -n -tttt -i rl0 dst port 221027 | ||
+ | </ | ||
+ | ==== Host include ==== | ||
+ | <code bash> | ||
+ | tcpdump -n -tttt -i rl0 host 192.168.10.2 | ||
+ | </ | ||
+ | |||
+ | ==== SSH exclude ==== | ||
+ | <code bash> | ||
+ | tcpdump -n -i rl0 'not port 22' | ||
+ | </ | ||
+ | |||
+ | ==== Dump full Packages for Wireshark ==== | ||
+ | <code bash> | ||
+ | tcpdump -s 65535 -w / | ||
+ | </ | ||
+ | |||
+ | ==== Filter IPv6 Network ==== | ||
+ | <code bash> | ||
+ | tcpdump -n 'net 2001: | ||
+ | </ | ||
+ | | ||
+ | ==== Show IPsec packets ==== | ||
+ | <code bash> | ||
+ | tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' | ||
+ | </ | ||
+ | |||
+ | ==== Dump for Wireshark with rotation ==== | ||
+ | <code bash> | ||
+ | tcpdump -i lo -G $((10*60)) -s 65535 -w / | ||
+ | </ | ||
+ | |||
+ | * -i lo | ||
+ | * Listen on loopback interface. | ||
+ | |||
+ | * -G < | ||
+ | * Rotate logs every 10 minutes. | ||
+ | |||
+ | * -s 65535 | ||
+ | * Capture full package. | ||
+ | |||
+ | * -w / | ||
+ | * Save dump to file. Ex. test.2015-08-11T12: | ||
+ | |||
+ | * -Z root | ||
+ | * Run as root user. //I had some permission problems with the default user (tcpdump)// |
apps/tcpdump.1418929736.txt.gz · Last modified: 2015-08-11 13:56 (external edit)