TCPDump
A Linux command-line packet capture utility.
Basic Syntax
tcpdump -i [eth0|any]
Flags
-w Write output to a file
-r Read the contents of a capture file
-v[v[v]] Increase verbosity; one, two or three v's select the level of detail shown about each frame
-e Show the Ethernet header
Filter Expressions
- Type - either host, net, port, or portrange
- Direction - by source (src) or destination (dst), applied to a type parameter (host, net, or port)
- Protocol - by a named protocol, such as arp, icmp, ip, tcp, or udp
- Boolean - and (&&), not (!), and or (||)
You can also use parentheses for expression grouping, e.g.
tcpdump -i eth0 "src host 10.1.0.100 && (dst port 53 || dst port 80)"
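To show what that expression selects at the header level, here is an added example (not part of the original page) that builds a small constructed pcap file in the format `tcpdump -w` writes, reads it back the way `-r` would, and applies the same host/port predicate. It assumes IPv4 over Ethernet only; the real `host` qualifier also matches IPv6 and ARP, and `port` also covers SCTP.

```python
import struct

# pcap global header as written by `tcpdump -w`: little-endian, link type 1 = Ethernet
PCAP_HDR = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)

def frame(src_ip, dst_ip, proto, dport):
    """Minimal Ethernet/IPv4/(TCP=6|UDP=17) frame; addresses and ports are constructed test data."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dst MAC, src MAC, EtherType IPv4
    l4 = struct.pack("!HH", 40000, dport) + b"\x00" * 16   # sport, dport, rest of L4 header zeroed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return eth + ip + l4   # IP checksum left as 0: this parser never validates it

def pcap(frames):
    """Serialise frames with per-record headers: ts_sec, ts_usec, incl_len, orig_len."""
    return PCAP_HDR + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

def packets(data):
    """Yield (src_ip, dst_ip, proto, dport) for each IPv4 TCP/UDP frame in a pcap byte string."""
    off = 24
    while off < len(data):
        incl_len = struct.unpack_from("<I", data, off + 8)[0]
        f = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if f[12:14] != b"\x08\x00":
            continue                      # not IPv4: skipped by this simplified parser
        ihl = (f[14] & 0x0F) * 4          # IP header length in bytes
        proto = f[23]
        src = ".".join(map(str, f[26:30]))
        dst = ".".join(map(str, f[30:34]))
        if proto not in (6, 17):
            continue                      # `port` qualifiers only apply to transport protocols
        dport = struct.unpack_from("!H", f, 14 + ihl + 2)[0]
        yield src, dst, proto, dport

def matches(src, dst, proto, dport):
    """Predicate equivalent to: src host 10.1.0.100 && (dst port 53 || dst port 80)."""
    return src == "10.1.0.100" and (dport == 53 or dport == 80)

# Constructed sample capture: 192.0.2.10 is a documentation (TEST-NET-1) address.
SAMPLE = pcap([
    frame("10.1.0.100", "10.1.0.1", 17, 53),    # DNS query from the host: matches
    frame("10.1.0.100", "192.0.2.10", 6, 80),   # HTTP from the host: matches
    frame("10.1.0.100", "192.0.2.10", 6, 443),  # HTTPS: dst port is not 53 or 80
    frame("10.1.0.1", "10.1.0.100", 17, 53),    # DNS reply: src host is not 10.1.0.100
])

def filtered(data=SAMPLE):
    """Return (src, dst, dport) for every packet the filter expression would pass."""
    return [(s, d, p) for s, d, pr, p in packets(data) if matches(s, d, pr, p)]
```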