Differences

This shows you the differences between two versions of the page.

--- apps:tcpdump [2015-09-03 18:47] – root
+++ apps:tcpdump [2023-09-09 15:13] (current) – Manuel Frei
@@ Line 1: / Line 1: @@
 ====== tcpdump ======
+==== Filtering ====
+tcpdump uses packet filter syntax for filtering. For help see
+<code bash>
+man 7 pcap-filter
+</code>
 ==== Port include ====
-  # tcpdump -n -tttt -i rl0 dst port 22102
+<code bash>
+tcpdump -n -tttt -i rl0 dst port 221027
+</code>
 ==== Host include ====
-  # tcpdump -n -tttt -i rl0 host 192.168.10.2
+<code bash>
+tcpdump -n -tttt -i rl0 host 192.168.10.2
+</code>
 ==== SSH exclude ====
-  # tcpdump -n -i rl0 'not port 22'
+<code bash>
+tcpdump -n -i rl0 'not port 22'
+</code>
 ==== Dump full Packages for Wireshark ====
+<code bash>
-  # tcpdump -s 65535 -w /tmp/test.pcap
+tcpdump -s 65535 -w /tmp/test.pcap
+</code>
 ==== Filter IPv6 Network ====
+<code bash>
-  # tcpdump -n 'net 2001:470:26:6bd::/64 and port 443'
+tcpdump -n 'net 2001:470:26:6bd::/64 and port 443'
+</code>
+==== Show IPsec packets ====
+<code bash>
+tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50'
+</code>
 ==== Dump for Wireshark with rotation ====
+<code bash>
-<code>
+tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root
-# tcpdump -i lo -G $((10*60)) -s 65535 -w /tmp/test.%Y-%m-%dT%H:%M.pcap -Z root
 </code>
@@ Line 38: / Line 56: @@
   * -Z root
-    * Run as root user. //I had some permission problems with default user (tcpdump)//
+    * Run as root user. //I had some permission problems with the default user (tcpdump)//