Tcpdump
# tcpdump -c 30 -i eth0
# tcpdump -w /tmp/tcpdump.pcap -n -tttt -i eth5 dst 1.2.3.4 and port 22
# tcpdump -w comm.pcap -i eth0 src xxx.xxx.xxx.xxx and port 22 and dst xxx.xxx.xxx.xxx and port 22
# tcpdump -i eth0 -n dst port 80
# tcpdump -w comm.pcap -s 1000 -i bond0 udp and \(host 172.20.68.176 and host 172.24.173.9\)
# tcpdump -i any -w /var/tmp/tcpdump00 -s0 not host he3lnxd120-priv and not host he3lnxd121-priv and not host he3lnxd122-priv and not tcp port 22
# tcpdump -r /var/tmp/tcpdump00 -vSxX > /var/tmp/mosdump
# tcpdump -A -i eth0
# tcpdump -tttt -r data.pcap
# tcpdump -nnvXSs 0 -c2 icmp
# tcpdump -D -> Displays available interfaces
# tcpdump portrange 9001-10002
# tcpdump -s0 -i eth0 -w file.pcap not tcp port 22
# tcpdump -r capture.pcap -w http.pcap tcp port 80 (reads a capture file and writes only the packets matching the filter to another file)
# tcpdump -i any -w /var/tmp/`hostname`_tcpdump.pcap -s0 host he2lnxp201 and not tcp port 22
# tcpdump -nnvXSs 0 -r he3lnxd120_tcpdump.pcap > /tmp/he3lnxd120_tcpdump.txt
-i any : Listen on all interfaces, just to see if you're seeing any traffic.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names.
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
-v : slightly verbose
-vv : more verbose
-vvv : total verbosity
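The -s (snaplen) flag and the "-r capture.pcap -w http.pcap tcp port 80" command above both act on the classic libpcap file format, and it helps to see what those files actually contain. The following is an added example written for this page, not code from the cheat sheet's author or from the tcpdump project: a small Python reader/writer for the libpcap format that records, for every packet, a captured length and an original wire length (the two numbers a too-small -s value drives apart), plus a tiny stand-in for the filter language so that filter_pcap(data, dst_port=80) mirrors what "tcpdump -r in.pcap -w out.pcap dst port 80" does. All traffic in it is constructed inline from RFC 5737 documentation addresses; the function names, the byte order handling and the minimal Ethernet/IPv4/TCP/UDP decoder are the example's own assumptions, not tcpdump internals.

```python
# Added example, not part of the original cheat sheet: a minimal reader/writer for
# the classic libpcap file format that "tcpdump -w" produces and "tcpdump -r" reads.
# It shows what the -s snaplen flag does to each record (captured length vs. wire
# length) and re-implements a tiny subset of the filter language so that
# filter_pcap(data, dst_port=80) behaves like "tcpdump -r in.pcap -w out.pcap dst port 80".
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4     # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
GLOBAL_HDR = "IHHiIII"      # magic, major, minor, tz, sigfigs, snaplen, linktype
RECORD_HDR = "IIII"         # ts_sec, ts_usec, incl_len (caplen), orig_len

def build_pcap(frames, snaplen, byteorder="<"):
    """Write frames to an in-memory pcap, truncating each to snaplen as -s does."""
    out = [struct.pack(byteorder + GLOBAL_HDR, PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        cap = frame[:snaplen]
        out.append(struct.pack(byteorder + RECORD_HDR, 1700000000 + i, 0, len(cap), len(frame)) + cap)
    return b"".join(out)

def read_pcap(data):
    """Yield (ts_sec, caplen, origlen, bytes) for each record; handles both byte orders."""
    magic = struct.unpack_from("<I", data, 0)[0]
    byteorder = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(magic)
    if byteorder is None:
        raise ValueError("not a classic pcap file (pcapng or unknown magic)")
    linktype = struct.unpack_from(byteorder + GLOBAL_HDR, data, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    off = struct.calcsize(GLOBAL_HDR)
    rec_size = struct.calcsize(RECORD_HDR)
    while off + rec_size <= len(data):
        sec, _usec, caplen, origlen = struct.unpack_from(byteorder + RECORD_HDR, data, off)
        off += rec_size
        yield sec, caplen, origlen, data[off:off + caplen]
        off += caplen

def decode(frame):
    """Ethernet -> IPv4 -> TCP/UDP header fields (the ones tcpdump's summary line shows)."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != 0x0800:
        return None                      # not IPv4, or cut off before the IP header ends
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    pkt = {"proto": ip[9], "src": socket.inet_ntoa(ip[12:16]),
           "dst": socket.inet_ntoa(ip[16:20]), "sport": None, "dport": None}
    l4 = ip[ihl:]
    if pkt["proto"] in (6, 17) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
    return pkt

def matches(pkt, dst_port=None, host=None, proto=None):
    """Tiny stand-in for BPF filters like 'dst port 80', 'host X', 'udp'."""
    if pkt is None:
        return False
    if dst_port is not None and pkt["dport"] != dst_port:
        return False
    if host is not None and host not in (pkt["src"], pkt["dst"]):
        return False
    return proto is None or pkt["proto"] == proto

def filter_pcap(data, **conds):
    """Like 'tcpdump -r in -w out <filter>': keep matching records, preserve the snaplen."""
    byteorder = "<" if struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC else ">"
    snaplen = struct.unpack_from(byteorder + GLOBAL_HDR, data, 0)[5]
    kept = [frame for _, _, _, frame in read_pcap(data) if matches(decode(frame), **conds)]
    return build_pcap(kept, snaplen, byteorder)

def count_truncated(data):
    """Records whose caplen < origlen: the packets a too-small -s value has cut short."""
    return sum(1 for _, caplen, origlen, _ in read_pcap(data) if caplen < origlen)

def make_frame(src, dst, proto, sport, dport, payload):
    """Constructed sample traffic (not a real capture): Ethernet + IPv4 + TCP/UDP."""
    l4 = struct.pack("!HH", sport, dport)
    if proto == 6:   # TCP: seq, ack, data offset 5, SYN flag, window, csum, urg
        l4 += struct.pack("!IIBBHHH", 1, 0, 5 << 4, 0x02, 8192, 0, 0)
    else:            # UDP: length, csum
        l4 += struct.pack("!HH", 8 + len(payload), 0)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

# Constructed frames using RFC 5737 documentation addresses (not captured traffic).
SAMPLE_FRAMES = [
    make_frame("192.0.2.10", "198.51.100.20", 6, 40000, 80, b"GET / HTTP/1.1\r\n"),
    make_frame("192.0.2.10", "198.51.100.53", 17, 51000, 53, b"\x00" * 20),
    make_frame("198.51.100.20", "192.0.2.10", 6, 80, 40000, b"HTTP/1.1 200 OK\r\n" + b"x" * 200),
]
SMALL_SNAPLEN = build_pcap(SAMPLE_FRAMES, 96)     # like "tcpdump -s 96 -w ..."
FULL_CAPTURE = build_pcap(SAMPLE_FRAMES, 65535)   # like "tcpdump -s0 -w ..."

if __name__ == "__main__":
    print("truncated records at -s 96:", count_truncated(SMALL_SNAPLEN))
    for _, caplen, origlen, frame in read_pcap(filter_pcap(FULL_CAPTURE, dst_port=80)):
        p = decode(frame)
        print(f"IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']} len {origlen} captured {caplen}")
```

Running it shows one record cut short at -s 96 (the 271-byte HTTP response) and none at -s0, which is the practical reason the cheat sheet says to use -s0 unless you deliberately want less: a truncated record still decodes its headers, but the payload you may need for the investigation is gone from the file for good. The filter step keeps the original file's snaplen in the new header, as tcpdump does when re-writing a capture.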