Tcpdump cheat sheet: Difference between revisions

Revision as of 13:21, 21 April 2020

tcpdump -i eth0 -s 0 -nnn host <HOST>

tcpdump -i eth0 -s 0 -w <filename> port not 22

tcpdump -i eth0 -s 0 -w <filename> icmp

tcpdump -i eth0 -s 0 host A.B.C.D && port 1234

tcpdump -i eth0 -s 0 -G 600 -W 1 -s 0 -w <filename> port 1234

<Ctrl>-C

@@ Line 1: / Line 1: @@
-=== Display packtes from <host> on&nbsp;interface eth0, no name resolution: ===
+=== Display packtes from <host> on&nbsp;interface eth0, no name resolution ===
 <pre>tcpdump -i eth0 -s 0 -nnn host <HOST></pre>
 &nbsp;
-=== Save packets to tracefile <filename> on&nbsp;interface eth0 with the exclusion of SSH traffic: ===
+=== Save packets to tracefile <filename> on&nbsp;interface eth0 with the exclusion of SSH traffic ===
 <pre>tcpdump -i eth0 -s 0 -w <filename> port not 22
 </pre>
@@ Line 11: / Line 11: @@
 &nbsp;
-=== Save icmp packets to tracefile <filename> on&nbsp;interface eth0: ===
+=== Save icmp packets to tracefile <filename> on&nbsp;interface eth0 ===
 <pre>tcpdump -i eth0 -s 0 -w <filename> icmp
 </pre>
@@ Line 22: / Line 22: @@
 &nbsp;
-=== Packets on port 1234 for 10 minutes (dump tracefile <filename> once after 600 seconds): ===
+=== Packets on port 1234 for 10 minutes (dump tracefile <filename> once after 600 seconds) ===
 <pre>tcpdump -i eth0 -s 0 -G 600 -W 1 -s 0 -w <filename> port 1234</pre>
 &nbsp;
-=== To stop: ===
+=== Stop ===
-<pre><Enter></pre>
+<pre><Ctrl>-C</pre>