TCPDump
Capture from all interfaces
tcpdump -i any
Capture from a specific interface (e.g., eth0)
tcpdump -i eth0
Capture first 10 packets and exit
tcpdump -i eth0 -c 10
Show available interfaces
tcpdump -D
Print in ASCII
tcpdump -i eth0 -A
Save the raw packets to a file (-w writes binary pcap data, not text)
tcpdump -i eth0 -w tcpdump.pcap
Read and analyze a saved capture file
tcpdump -r tcpdump.pcap
Do not resolve host names
tcpdump -n -i eth0
Stop domain name translation and lookups (host names or port names)
tcpdump -n -i eth0
Capture TCP packets only
tcpdump -i eth0 -c 10 -w tcpdump.pcap tcp
Capture traffic from a defined port only
tcpdump -i eth0 port 80
Capture packets to or from a specific host
tcpdump host 192.168.1.100
Capture packets from a network subnet (the address must have no host bits set for the given prefix length)
tcpdump net 10.1.0.0/16
Capture from a specific source address
tcpdump src 10.1.1.100
Capture from a specific destination address
tcpdump dst 10.1.1.100
Filter traffic based on a service
tcpdump port 80
Filter based on port range
tcpdump portrange 21-125
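Capture the entire packet (snapshot length 0 = no truncation)
tcpdump -s 0 port 80
Show only IPv6 packets
tcpdump ip6
Dump the compiled packet-matching code for a filter in human-readable form to standard output, then exit
tcpdump -d port 80
Use the given file as input for the filter expression (a text file containing the filter, not a capture file; filter.txt is a placeholder name)
tcpdump -F filter.txt
Put the interface in monitor mode (supported only on 802.11 Wi-Fi interfaces, e.g., wlan0)
tcpdump -I -i wlan0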
Display data link types for the interface
tcpdump -L
Do not print the domain name qualification of host names
tcpdump -N -r tcpdump.pcap
Do not verify checksums (IP, TCP, UDP)
tcpdump -K -r tcpdump.pcap
Do not capture in promiscuous mode
tcpdump -p -i eth0