tcpdump

Port include

# tcpdump -n -tttt -i rl0 dst port 22102

Host include

# tcpdump -n -tttt -i rl0 host 192.168.10.2

SSH exclude

# tcpdump -n -i rl0 'not port 22'

Dump for Wireshark with rotation

# tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root

-i lo

Listen on the loopback interface.

-G $((10*60))

Rotate the dump file every 10 minutes (-G takes seconds; $((10*60)) is 600).

-s 65535

Capture full packets (snapshot length of 65535 bytes).

-w /tmp/test.%Y-%m-%dT%H:%M.pcap

Save the dump to a file; the time pattern in the name is filled in at each rotation. Example: test.2015-08-11T12:16.pcap

-Z root

Run as the root user. I had some permission problems with the default user (tcpdump).
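With -G alone, tcpdump opens a new file every interval and never deletes the old ones, so the capture directory grows until the disk is full. The script below is an added example, not part of the original page: a retention helper for files named like the -w pattern above. The function name prune_pcaps and the demo file names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: keep only the newest KEEP capture files written by
#   tcpdump -G ... -w /tmp/test.%Y-%m-%dT%H:%M.pcap
# The timestamp in the name sorts in time order, so a plain name sort
# (glob order in the C locale) lists the oldest file first.

# prune_pcaps DIR PREFIX KEEP  (hypothetical helper name)
# Prints the number of files deleted. Runs in a subshell so that cd and
# LC_ALL do not leak into the caller.
prune_pcaps() (
    dir=$1 prefix=$2 keep=$3
    case $keep in
        ''|*[!0-9]*) echo "prune_pcaps: KEEP must be a number" >&2; exit 2 ;;
    esac
    cd -- "$dir" 2>/dev/null || { echo "prune_pcaps: cannot enter $dir" >&2; exit 2; }
    LC_ALL=C; export LC_ALL

    # Count regular files only; symlinks and directories are ignored.
    total=0
    for f in "$prefix".*.pcap; do
        if [ -f "$f" ] && [ ! -L "$f" ]; then total=$((total + 1)); fi
    done

    excess=$((total - keep))
    deleted=0
    for f in "$prefix".*.pcap; do
        if [ "$deleted" -ge "$excess" ]; then break; fi
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            if rm -f -- "$f"; then deleted=$((deleted + 1)); fi
        fi
    done
    echo "$deleted"
)

# Demo on constructed, empty files (not real captures).
demo_dir=$(mktemp -d)
for t in 12:16 12:26 12:36 12:46; do
    : > "$demo_dir/test.2015-08-11T$t.pcap"
done
echo "deleted: $(prune_pcaps "$demo_dir" test 2)"
ls "$demo_dir"
rm -rf -- "$demo_dir"
```

Run it from cron at the rotation interval, for example as prune_pcaps /tmp test 144 to keep one day of 10-minute files.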

apps/tcpdump.1439294176.txt.gz · Last modified: 2015-08-11 13:56 by root