Difference between revisions of "Linux Command: tcpdump"
Rafahsolis (talk | contribs) (Created page with " tcpdump -i eth1 -s 1500 port not 22 You can skip additional ports too: tcpdump -i eth1 -s 1500 port not 22 and port not 53 You can also use ip or hostname: tcpdump -i...")
Rafahsolis (talk | contribs)
| Line 1: | Line 1: | ||
| + | == Options == | ||
| + | <nowiki>-i any : Listen on all interfaces just to see if you’re seeing any traffic. | ||
| + | -i eth0 : Listen on the eth0 interface. | ||
| + | -D : Show the list of available interfaces | ||
| + | -l : Line-readable output (for viewing as you save, or sending to other commands) | ||
| + | -A : Display output in ASCII. | ||
| + | -n : Don’t resolve hostnames. | ||
| + | -nn : Don’t resolve hostnames or port names. | ||
| + | -q : Be less verbose (more quiet) with your output. | ||
| + | -t : Give human-readable timestamp output. | ||
| + | -tttt : Give maximally human-readable timestamp output. | ||
| + | -X : Show the packet’s contents in both hex and ascii. | ||
| + | -XX : Same as -X, but also shows the ethernet header. | ||
| + | -v, -vv, -vvv : Increase the amount of packet information you get back. | ||
| + | -c : Only get x number of packets and then stop. | ||
| + | -s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less. | ||
| + | -S : Print absolute sequence numbers. | ||
| + | -e : Get the ethernet header as well. | ||
| + | -q : Show less protocol information. | ||
| + | -E : Decrypt IPSEC traffic by providing an encryption key.</nowiki> | ||
| + | |||
tcpdump -i eth1 -s 1500 port not 22 | tcpdump -i eth1 -s 1500 port not 22 | ||
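Review bot: the option list in this hunk defines -q twice, once as "Be less verbose (more quiet) with your output." and again as "Show less protocol information."; keep a single entry. The -t line is also inverted: tcpdump's manual documents -t as "Don't print a timestamp on each dump line", while -tttt is the form that prints a date and time, so the line should read along the lines of "-t : Don't print a timestamp on each line." Finally, wrapping the list in <nowiki> keeps the markup literal but does not keep the line breaks, which is why the saved revision renders the whole list as one paragraph; a <pre> block (or one wiki bullet per option) would keep one option per line.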
Revision as of 08:38, 9 October 2018
Options
-i any : Listen on all interfaces just to see if you’re seeing any traffic.
-i eth0 : Listen on the eth0 interface.
-D : Show the list of available interfaces
-l : Line-readable output (for viewing as you save, or sending to other commands)
-A : Display output in ASCII.
-n : Don’t resolve hostnames.
-nn : Don’t resolve hostnames or port names.
-q : Be less verbose (more quiet) with your output.
-t : Give human-readable timestamp output.
-tttt : Give maximally human-readable timestamp output.
-X : Show the packet’s contents in both hex and ascii.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Only get x number of packets and then stop.
-s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPSEC traffic by providing an encryption key.
tcpdump -i eth1 -s 1500 port not 22
You can skip additional ports too:
tcpdump -i eth1 -s 1500 port not 22 and port not 53
You can also use ip or hostname:
tcpdump -i eth1 port not 22 and host 1.2.3.4
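The three commands above all build the same kind of filter by hand. As an added example (not part of the wiki page), the shell script below generates that "port not A and port not B [and host H]" expression from a list of ports, rejects ports that are not numbers in 1-65535 before they reach tcpdump, and prints a capture command with the defaults a defender normally wants (-nn, -s0, -c and -w). The function names build_filter and capture_cmd are chosen for this example; the interface, file name and host are placeholders.

```shell
#!/bin/sh
# Added example, not from the wiki page: build the "port not A and port not B
# [and host H]" filter the page shows from a list of ports, validating each
# port, then print the capture command with defaults a defender usually wants.
# build_filter and capture_cmd are names chosen for this example.

# build_filter HOST PORT... : print a BPF filter excluding each PORT and, if
# HOST is non-empty, restricted to traffic to or from HOST (IP or hostname).
# Every PORT must be an integer in 1-65535; anything else is rejected.
build_filter() {
    host=$1; shift
    bpf=""
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*) echo "build_filter: bad port '$p'" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "build_filter: port out of range '$p'" >&2; return 1
        fi
        # libpcap parses "port not 22" as "port (not 22)", i.e. "not port 22"
        bpf="${bpf:+$bpf and }port not $p"
    done
    if [ -n "$host" ]; then
        bpf="${bpf:+$bpf and }host $host"
    fi
    printf '%s\n' "$bpf"
}

# capture_cmd IFACE OUTFILE COUNT HOST PORT... : print the full tcpdump command.
#   -nn  no DNS or service-name lookups (lookups would add traffic of their own
#        and slow the capture down)
#   -s0  full snaplength, so payloads are not truncated at 1500 bytes
#   -c   stop after COUNT packets so the capture ends on its own
#   -w   write raw pcap for later analysis (tcpdump -r, Wireshark)
capture_cmd() {
    iface=$1; out=$2; count=$3; host=$4; shift 4
    bpf=$(build_filter "$host" "$@") || return 1
    printf 'tcpdump -nn -i %s -s0 -c %s -w %s %s\n' "$iface" "$count" "$out" "$bpf"
}

# Usage (capturing needs root or CAP_NET_RAW; placeholders: eth1, capture.pcap,
# 1.2.3.4):
#   eval "$(capture_cmd eth1 capture.pcap 1000 1.2.3.4 22 53)"
# prints and runs:
#   tcpdump -nn -i eth1 -s0 -c 1000 -w capture.pcap port not 22 and port not 53 and host 1.2.3.4
```

Validating the port list before calling tcpdump matters mostly when the list comes from a script argument or a config file: an empty or non-numeric value would otherwise become part of the filter expression and tcpdump would either refuse it or, worse, silently capture something other than what was intended.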