apps:tcpdump
Differences
This shows you the differences between two versions of the page.
apps:tcpdump [2019-04-26 10:44] – [Dump for Wireshark with rotation] root | apps:tcpdump [2023-09-09 15:13] (current) – Manuel Frei | ||
---|---|---|---|
Line 10: | Line 10: | ||
==== Port include ==== | ==== Port include ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -n -tttt -i rl0 dst port 221027 | + | tcpdump -n -tttt -i rl0 dst port 221027 |
</ | </ | ||
==== Host include ==== | ==== Host include ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -n -tttt -i rl0 host 192.168.10.2 | + | tcpdump -n -tttt -i rl0 host 192.168.10.2 |
</ | </ | ||
==== SSH exclude ==== | ==== SSH exclude ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -n -i rl0 'not port 22' | + | tcpdump -n -i rl0 'not port 22' |
</ | </ | ||
==== Dump full Packages for Wireshark ==== | ==== Dump full Packages for Wireshark ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -s 65535 -w / | + | tcpdump -s 65535 -w / |
</ | </ | ||
==== Filter IPv6 Network ==== | ==== Filter IPv6 Network ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -n 'net 2001: | + | tcpdump -n 'net 2001: |
</ | </ | ||
| | ||
==== Show IPsec packets ==== | ==== Show IPsec packets ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' | + | tcpdump -i igb0 -n -p 'udp port 500 or udp port 4500 or ip proto 50' |
</ | </ | ||
==== Dump for Wireshark with rotation ==== | ==== Dump for Wireshark with rotation ==== | ||
<code bash> | <code bash> | ||
- | # tcpdump -i lo -G $((10*60)) -s 65535 -w / | + | tcpdump -i lo -G $((10*60)) -s 65535 -w / |
</ | </ | ||
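Review bot: under "Port include", `dst port 221027` is outside the valid 0-65535 port range, and the revision carries it over unchanged while only dropping the leading `# `. Since this line is being touched anyway, replace the value with the port the example was meant to show. If the removed `# ` was meant as a root prompt, the page now has nothing telling the reader that these captures need elevated privileges; one sentence above the first example would restore that.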
apps/tcpdump.1556268272.txt.gz · Last modified: 2019-04-26 10:44 by root