apps:tcpdump
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revision | ||
apps:tcpdump [2015-09-03 18:47] – root | apps:tcpdump [2023-09-09 15:13] (current) – Manuel Frei | ||
---|---|---|---|
Line 1: | Line 1: | ||
====== tcpdump ====== | ====== tcpdump ====== | ||
+ | |||
+ | ==== Filtering ==== | ||
+ | |||
+ | tcpdump uses packet filter syntax for filtering. For help see | ||
+ | <code bash> | ||
+ | man 7 pcap-filter | ||
+ | </ | ||
==== Port include ==== | ==== Port include ==== | ||
- | # tcpdump -n -tttt -i rl0 dst port 22102 | + | <code bash> |
+ | tcpdump -n -tttt -i rl0 dst port 221027 | ||
+ | </ | ||
==== Host include ==== | ==== Host include ==== | ||
- | # tcpdump -n -tttt -i rl0 host 192.168.10.2 | + | <code bash> |
+ | tcpdump -n -tttt -i rl0 host 192.168.10.2 | ||
+ | </ | ||
==== SSH exclude ==== | ==== SSH exclude ==== | ||
- | # tcpdump -n -i rl0 'not port 22' | + | <code bash> |
+ | tcpdump -n -i rl0 'not port 22' | ||
+ | </ | ||
==== Dump full Packages for Wireshark ==== | ==== Dump full Packages for Wireshark ==== | ||
- | + | <code bash> | |
- | # | + | tcpdump -s 65535 -w / |
+ | </ | ||
==== Filter IPv6 Network ==== | ==== Filter IPv6 Network ==== | ||
- | + | <code bash> | |
- | # | + | tcpdump -n 'net 2001: |
+ | </ | ||
+ | |||
+ | ==== Show IPsec packets ==== | ||
+ | <code bash> | ||
+ | tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' | ||
+ | </ | ||
==== Dump for Wireshark with rotation ==== | ==== Dump for Wireshark with rotation ==== | ||
- | + | < | |
- | < | + | tcpdump -i lo -G $((10*60)) -s 65535 -w / |
- | # tcpdump -i lo -G $((10*60)) -s 65535 -w / | + | |
</ | </ | ||
Line 38: | Line 56: | ||
* -Z root | * -Z root | ||
- | * Run as root user. //I had some permission problems with default user (tcpdump)// | + | * Run as root user. //I had some permission problems with the default user (tcpdump)// |
apps/tcpdump.1441298848.txt.gz · Last modified: 2015-09-03 18:47 by root