tcpdump
Port include
# tcpdump -n -tttt -i rl0 dst port 22102
Host include
# tcpdump -n -tttt -i rl0 host 192.168.10.2
SSH exclude
# tcpdump -n -i rl0 'not port 22'
Dump for Wireshark with rotation
# tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root
- -i lo: Listen on the loopback interface.
- -G $((10*60)): Rotate the dump file every 10 minutes.
- -s 65535: Capture full packets.
- -w /tmp/test.%Y-%m-%dT%H:%M.pcap: Save the dump to a file, e.g. test.2015-08-11T12:16.pcap.
- -Z root: Run as the root user, so tcpdump does not drop privileges before writing the dump files. I had some permission problems with the default user (tcpdump).
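Added example, not part of the original page: a helper for finding which rotated dump file to open in Wireshark for a given minute. It assumes the stamp in the file name is the local-time minute at which tcpdump opened that file; the function name pcaps_for_minute and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Locate the rotated capture file(s) that can hold packets seen at a given
# minute, for names of the form PREFIX.%Y-%m-%dT%H:%M.pcap (the -w pattern
# used above). Assumption: the stamp is the minute the file was opened.

# pcaps_for_minute DIR PREFIX YYYY-MM-DDTHH:MM
# Prints candidate file names, oldest first; returns 1 if no file is old
# enough to contain that minute.
pcaps_for_minute() {
    dir=$1 prefix=$2 minute=$3
    target="$prefix.$minute.pcap"
    for f in "$dir"/"$prefix".*.pcap; do
        [ -e "$f" ] && basename "$f"
    done | LC_ALL=C sort | LC_ALL=C awk -v t="$target" '
        # These stamps sort chronologically as plain strings.
        $0 <= t { prev = best; best = $0 }
        END {
            if (best == "") exit 1
            # Names only have minute resolution: a file opened at 12:26:45
            # is named 12:26, yet packets from 12:26:10 are still in the
            # previous file, so report both when the minute matches exactly.
            if (best == t && prev != "") print prev
            print best
        }'
}

# Constructed demo: empty files standing in for a capture started at 12:16
# with 10-minute rotation.
demo=$(mktemp -d)
for m in 12:16 12:26 12:36; do : > "$demo/test.2015-08-11T$m.pcap"; done
pcaps_for_minute "$demo" test 2015-08-11T12:26
rm -rf "$demo"
```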
apps/tcpdump.1439725757.txt.gz · Last modified: 2015-08-16 13:49 by root