Tcpdump cheat sheet

From wiki.comcert.com

Revision as of 13:20, 21 April 2020 by Bert (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Display packtes from <host> on interface eth0, no name resolution:

tcpdump -i eth0 -s 0 -nnn host <HOST>

Save packets to tracefile <filename> on interface eth0 with the exclusion of SSH traffic:

tcpdump -i eth0 -s 0 -w <filename> port not 22

Save icmp packets to tracefile <filename> on interface eth0:

tcpdump -i eth0 -s 0 -w <filename> icmp

Packets from host A.B.C.D on port 1234

tcpdump -i eth0 -s 0 host A.B.C.D && port 1234

Packets on port 1234 for 10 minutes (dump tracefile <filename> once after 600 seconds):

tcpdump -i eth0 -s 0 -G 600 -W 1 -s 0 -w <filename> port 1234

To stop:

<Enter>

Retrieved from "https://wiki.comcert.com/index.php?title=Tcpdump_cheat_sheet&oldid=5732"