Tcpdump cheat sheet: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
=== Display packtes from <host> on interface eth0: === | === Display packtes from <host> on interface eth0, no name resolution: === | ||
<pre>tcpdump -i | <pre>tcpdump -i eth0 -s 0 -nnn host <HOST></pre> | ||
| | ||
=== Save packets to | === Save packets to tracefile <filename> on interface eth0 with the exclusion of SSH traffic: === | ||
<pre>tcpdump -i eth0 | <pre>tcpdump -i eth0 -s 0 -w <filename> port not 22 | ||
</pre> | </pre> | ||
| | ||
=== Save packets to | === Save icmp packets to tracefile <filename> on interface eth0: === | ||
<pre>tcpdump -i eth0 | <pre>tcpdump -i eth0 -s 0 -w <filename> icmp | ||
</pre> | </pre> | ||
| |||
Packets from host A.B.C.D on port 1234 | |||
<pre>tcpdump -i eth0 -s 0 host A.B.C.D && port 1234</pre> | |||
| |||
Packets on port 1234 for 10 minutes (dump tracefile <filename> once after 600 seconds): | |||
<pre>tcpdump -i eth0 -s 0 -G 600 -W 1 -s 0 -w <filename> port 1234</pre> | |||
| | ||
Revision as of 13:20, 21 April 2020
Display packtes from <host> on interface eth0, no name resolution:
tcpdump -i eth0 -s 0 -nnn host <HOST>
Save packets to tracefile <filename> on interface eth0 with the exclusion of SSH traffic:
tcpdump -i eth0 -s 0 -w <filename> port not 22
Save icmp packets to tracefile <filename> on interface eth0:
tcpdump -i eth0 -s 0 -w <filename> icmp
Packets from host A.B.C.D on port 1234
tcpdump -i eth0 -s 0 host A.B.C.D && port 1234
Packets on port 1234 for 10 minutes (dump tracefile <filename> once after 600 seconds):
tcpdump -i eth0 -s 0 -G 600 -W 1 -s 0 -w <filename> port 1234
To stop:
<Enter>