Changes
Linux Command: tcpdump
Revision as of 09:02, 9 October 2018
598 bytes added, 09:02, 9 October 2018
→Filter by protocol
Line 48:
Line 48:
=== Filter by protocol ===
=== Filter by protocol ===
tcpdump icmp
tcpdump icmp
+
=== Filter by packet size ===
+
tcpdump less 32
+
tcpdump greater 64
+
tcpdump <= 128
+
=== Read/Write File ===
+
==== Write ====
+
tcpdump port 80 -w capture_file
+
==== Read ====
+
tcpdump -r capture_file
+
+
== Combinations ==
+
* AND
+
and or &&
+
* OR
+
or or ||
+
* EXCEPT
+
not or !
+
=== traffic from 10.5.2.3 going to any host on port 3389 ===
+
tcpdump -nnvvS src 10.5.2.3 and dst port 3389
+
=== Traffic from one network to another ===
+
tcpdump -nvX src net 192.168.0.0/16 and dst net 10.0.0.0/8 or 172.16.0.0/16
+
=== non icmp traffic going to a specific ip ===
+
tcpdump dst 192.168.0.2 and src net and not icmp
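Review bot: Three of the added examples will not run as written, starting with `tcpdump <= 128` under "Filter by packet size": the expression has no `len` operand, and the shell treats the unquoted `<` as an input redirection before tcpdump ever sees it. Suggest `tcpdump 'len <= 128'`, which is the quoted relational form of `less 128`. In the last example, `src net and not icmp` has no network after `src net`, so the filter cannot compile; either supply the network or drop the `src net` term. In "Traffic from one network to another", `and` and `or` have equal precedence and associate left to right, so `... and dst net 10.0.0.0/8 or 172.16.0.0/16` matches anything destined for 172.16.0.0/16 regardless of source; group the alternatives and quote the expression, e.g. `tcpdump -nvX 'src net 192.168.0.0/16 and (dst net 10.0.0.0/8 or 172.16.0.0/16)'`. The Combinations list should also say that `&&`, `||` and `!` need quoting or escaping on the command line, since the shell interprets them otherwise.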
Rafahsolis (Bureaucrats, Administrators), 2,306 edits