Tcpdump cheat sheet

From wiki.comcert.com
Revision as of 15:07, 14 June 2018 by Bert (talk | contribs)

Display packets from <HOST> on interface eth0:

tcpdump -i eth0 -n host <HOST>

 

Save packets on interface eth0 to a trace file, excluding SSH traffic (port 22):

tcpdump -i eth0 -w <path> not port 22

 

Save packets on interface eth0 to a trace file, ICMP only:

tcpdump -i eth0 -w <path> icmp

 

To stop:

<Enter>