apps:tcpdump [2015-08-11 13:56] root
apps:tcpdump [2023-09-09 15:13] (current) Manuel Frei
Line 1: Line 1:
 ====== tcpdump ====== ====== tcpdump ======
 +
 +==== Filtering ====
 +
 +tcpdump uses packet filter syntax for filtering. For help see
 +<code bash>
 +man 7 pcap-filter
 +</code>
  
 ==== Port include ==== ==== Port include ====
-  # tcpdump -n -tttt -i rl0 dst port 22102+<code bash> 
 +tcpdump -n -tttt -i rl0 dst port 221027 
 +</code>
  
 ==== Host include ==== ==== Host include ====
-  # tcpdump -n -tttt -i rl0 host 192.168.10.2+<code bash> 
 +tcpdump -n -tttt -i rl0 host 192.168.10.2 
 +</code>
  
 ==== SSH exclude ==== ==== SSH exclude ====
-  # tcpdump -n -i rl0 'not port 22' +<code bash> 
- +tcpdump -n -i rl0 'not port 22'
-==== Dump for Wireshark with rotation ==== +
- +
-<code> +
-# tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root+
 </code> </code>
  
-<code> +==== Dump full Packages for Wireshark ==== 
--i lo+<code bash
 +tcpdump -s 65535 -w /tmp/test.pcap
 </code> </code>
  
-Listen on loopback interface. +==== Filter IPv6 Network ==== 
- +<code bash> 
-<code> +tcpdump -n 'net 2001:470:26:6bd::/64 and port 443' 
--G $((10*60))+</code> 
 +   
 +==== Show IPsec packets ==== 
 +<code bash> 
 +tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50'
 </code> </code>
  
-Rotate logs every 10 minutes. +==== Dump for Wireshark with rotation ==== 
- +<code bash
-<code> +tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root
--s 65535+
 </code> </code>
  
-Capture full package.+  * -i lo 
 +    * Listen on loopback interface.
  
-<code> +  * -G <nowiki>$((10*60))</nowiki> 
--w /tmp/test.%Y-%m-%dT%H:%M.pcap +    * Rotate logs every 10 minutes.
-</code>+
  
-Save dump to file. Ex. test.2015-08-11T12:16.pcap+  * -s 65535 
 +    * Capture full package.
  
-<code> +  * -/tmp/test.%Y-%m-%dT%H:%M.pcap 
--Z root +    * Save dump to file. Ex. test.2015-08-11T12:16.pcap
-</code>+
  
-Run as root user. //I had some permission problems with default user (tcpdump)//+  * -Z root 
 +    * Run as root user. //I had some permission problems with the default user (tcpdump)//
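Review bot: the new port filter `tcpdump -n -tttt -i rl0 dst port 221027` uses a port number above the 16-bit maximum of 65535, so libpcap rejects the expression as an illegal port number and nothing is captured; the previous revision had `dst port 22102`, which looks like the intended value. Two `<code bash` tags (the "Dump full Packages for Wireshark" and "Dump for Wireshark with rotation" blocks) are missing the closing `>`, so DokuWiki will not render those blocks as code. In the option list, `-/tmp/test.%Y-%m-%dT%H:%M.pcap` has lost its flag and should read `-w /tmp/test.%Y-%m-%dT%H:%M.pcap` to match the command above it. For the IPsec filter, `ip proto 50` matches ESP only inside IPv4; add `or ip6 proto 50` if IPv6 tunnels are in scope. Finally, `-Z root` keeps the capture process running as root for its whole lifetime; the permission problem mentioned is usually the output directory not being writable by the `tcpdump` user, and making that directory writable lets the default privilege drop stay in place.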
apps/tcpdump.1439294176.txt.gz · Last modified: 2015-08-11 13:56 by root