Tcpdump cheat sheet: Difference between revisions

From wiki.comcert.com
No edit summary
Line 1: Line 1:


=== Display packtes from host on interface eth0: ===
=== Display packtes from <host> on&nbsp;interface eth0: ===
<pre>tcpdump -i eth1 -vv host <IP-VSCOUT></pre>
<pre>tcpdump -i eth1 -n host <HOST></pre>


&nbsp;
&nbsp;


=== Save packets to trace file on&nbsp;interface eth0 with the exclusion of SSH traffic: ===
=== Save packets to trace file on&nbsp;interface eth0 with the exclusion of SSH traffic: ===
<pre>tcpdump -i eth0 -s 0 port not 22 -w <path> &
<pre>tcpdump -i eth0 port not 22 -w <path>
</pre>
 
&nbsp;
 
=== Save packets to trace file on&nbsp;interface eth0 - icmp only: ===
<pre>tcpdump -i eth0 icmp -w <path>
</pre>
</pre>
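Review bot: the first heading in this hunk says interface eth0, but both command lines under it capture on eth1 (`tcpdump -i eth1 -n host <HOST>`); change one so the heading and the command agree, and fix "packtes" to "packets" in the same heading. In the SSH-exclusion command the revision drops `-s 0` and the trailing `&`, so the capture now runs in the foreground with the default snapshot length; keep `-s 0` if the sheet is meant to guarantee full-packet capture on older tcpdump builds whose default truncates packets.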



Revision as of 15:07, 14 June 2018

Display packets from <host> on interface eth0:

tcpdump -i eth1 -n host <HOST>

 

Save packets to trace file on interface eth0 with the exclusion of SSH traffic:

tcpdump -i eth0 port not 22 -w <path>

 

Save packets to trace file on interface eth0 - icmp only:

tcpdump -i eth0 icmp -w <path>

 

To stop:

<Enter>