apps:tcpdump

Differences between the revisions apps:tcpdump [2015-08-11 13:56] by root and apps:tcpdump [2023-09-09 15:13] (current) by Manuel Frei. The page text below is the current revision.
====== tcpdump ======

==== Filtering ====

tcpdump selects packets with pcap filter expressions (BPF syntax): primitives such as host, net, port and proto, combined with and, or and not. The full grammar is documented in
<code bash>
man 7 pcap-filter
</code>
==== Port include ====
Only traffic to destination port 22102. -n disables name resolution, -tttt prints a full date and time on each line. Port numbers must be in the range 0 to 65535; a larger value is rejected when the filter is compiled.
<code bash>
tcpdump -n -tttt -i rl0 dst port 22102
</code>
==== Host include ====
All traffic to or from one host; use src host or dst host to restrict the direction.
<code bash>
tcpdump -n -tttt -i rl0 host 192.168.10.2
</code>
==== SSH exclude ====
Everything except SSH. Useful when capturing on a host you are logged into over SSH, otherwise the capture is flooded with the traffic of your own session.
<code bash>
tcpdump -n -i rl0 'not port 22'
</code>
==== Dump full packets for Wireshark ====
Write packets to a file instead of printing them and open the file in Wireshark. -s 65535 captures every packet in full instead of only the first bytes; tcpdump 4.0 and later default to a 262144-byte snaplen, so there -s 0 has the same effect.
<code bash>
tcpdump -s 65535 -w /
</code>
==== Filter IPv6 network ====
Match a whole IPv6 prefix. Give the prefix with its length in CIDR notation, e.g. net 2001:db8::/32.
<code bash>
tcpdump -n 'net 2001:
</code>
==== Show IPsec packets ====
IKE (UDP 500), IKE and ESP behind NAT-T (UDP 4500) and native ESP (IP protocol 50). -p leaves the interface out of promiscuous mode. For ESP over IPv6 add ip6 proto 50, and for AH add ip proto 51.
<code bash>
tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50'
</code>
==== Dump for Wireshark with rotation ====
<code bash>
tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/ -Z root
</code>
  * -i lo
    * Listen on the loopback interface.
  * -G <nowiki>$((10*60))</nowiki>
    * Rotate the dump file every 10 minutes (-G takes seconds). The file name given to -w must contain strftime(3) conversions such as %Y-%m-%dT%H:%M; without them every rotation overwrites the previous file.
  * -s 65535
    * Capture the full packet.
  * -w /tmp/
    * Save the dump to a file. Ex. test.2015-08-11T12:16.pcap
  * -Z root
    * Run as root user. //I had some permission problems with the default user (tcpdump)//
    * On builds with privilege dropping enabled, tcpdump switches to the user tcpdump (-Z tcpdump) right after opening the interface, so the output directory must be writable by that user. -Z root keeps root for the whole capture, at the cost of running the packet parser as root.
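The rotation command above is easy to get subtly wrong (a port above 65535, a -G interval given in minutes, or a -w name without strftime conversions that silently overwrites itself). The following POSIX sh wrapper is an added example, not part of the wiki page or of tcpdump itself: it validates the port for the filter, assembles the command line with a timestamped file name and a privilege-drop user, and checks the output directory before anything runs. The interface lo, the directory /tmp/captures, the prefix test and the user names are assumptions for illustration.

```bash
#!/bin/sh
# Added example, not from the wiki page: build and sanity-check a rotating
# tcpdump capture before running it. Interface, directory, prefix and user
# names passed in are assumptions for illustration.

# valid_port PORT: succeed only for an integer 0..65535. tcpdump rejects a
# larger value (e.g. the typo 221027) when it compiles the filter.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

# port_filter src|dst|any PORT: print the pcap-filter primitive for one port.
port_filter() {
    valid_port "$2" || { echo "port_filter: invalid port '$2'" >&2; return 1; }
    case "$1" in
        src|dst) printf '%s port %s\n' "$1" "$2" ;;
        any)     printf 'port %s\n' "$2" ;;
        *)       echo "port_filter: direction must be src, dst or any" >&2; return 1 ;;
    esac
}

# rotate_cmd IFACE MINUTES DIR PREFIX [USER] [FILTER]: print the tcpdump
# command line. -G takes seconds, so minutes are converted here. The -w name
# carries strftime(3) conversions so every rotation opens a new file instead
# of overwriting the previous one. -s 0 selects the default 262144-byte
# snaplen on tcpdump 4.0 and later, enough for whole packets on ordinary links.
rotate_cmd() {
    iface=$1 minutes=$2 dir=$3 prefix=$4 user=${5:-root} filter=$6
    case "$minutes" in
        ''|*[!0-9]*|0) echo "rotate_cmd: interval must be a positive number of minutes" >&2; return 1 ;;
    esac
    cmd="tcpdump -i $iface -n -G $((minutes * 60)) -s 0 -Z $user -w '$dir/$prefix.%Y-%m-%dT%H:%M.pcap'"
    [ -n "$filter" ] && cmd="$cmd '$filter'"
    printf '%s\n' "$cmd"
}

# check_capture_dir DIR: the directory must exist and be writable. Without
# root we can only test our own access; after -Z the files are created by
# the given user, so that user needs write access to DIR as well.
check_capture_dir() {
    [ -d "$1" ] || { echo "check_capture_dir: $1 is not a directory" >&2; return 1; }
    [ -w "$1" ] || { echo "check_capture_dir: $1 is not writable by $(id -un)" >&2; return 1; }
}

# main build|run: print the command for the page's loopback example; "run"
# also executes it. CAPTURE_DIR overrides the assumed output directory.
main() {
    dir=${CAPTURE_DIR:-/tmp/captures}           # assumed directory
    filter=$(port_filter dst 22102) || return 1  # the page's example port
    check_capture_dir "$dir" || return 1
    cmd=$(rotate_cmd lo 10 "$dir" test root "$filter") || return 1
    printf '%s\n' "$cmd"
    if [ "$1" = run ]; then eval "$cmd"; fi
}

# With no argument the file only defines the functions.
case "${1:-}" in
    build|run) main "$1" ;;
esac
```

Invoke as `sh capture.sh build` to see the command line, or `sh capture.sh run` as root to start capturing. Pass a user other than root to rotate_cmd only after giving that user write access to the capture directory; that is the permission problem the -Z root bullet above works around.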
apps/tcpdump.1439294176.txt.gz · Last modified: 2015-08-11 13:56 by root