User Tools

Site Tools

Trace:
tcpdump

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
tcpdump [2016/06/17 14:36] – created luke7858tcpdump [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 1: Line 1:
 TCP dump is used to create DUMPs of network traffic. This information can then be used to troubleshoot a range of problems you may be having, eg, application issues, networking issues etc. TCP dump is used to create DUMPs of network traffic. This information can then be used to troubleshoot a range of problems you may be having, eg, application issues, networking issues etc.
 \\ \\
 +__**Note**__: If you write the output of a tcp dump to a file, you can then import this file into wire shark to interpret this better (make life easier)
 \\ \\
-^ Flag ^  Description ^ +\\ 
-| -A  | Print each packet (minus its link level headerin ASCII.  Handy for capturing web pages | +== Common Examples == 
-| -n  | Don't convert host addresses to names This can be used to avoid DNS lookups+In the following example 
-| -nn | Don't convert protocol and port numbers etcto names either| +\\ 
-| -w  | Write  the raw packets to file rather than parsing and printing them out | +> Replace **//x.x.x.x//** with the IP of the machine you are running the dump from. This IP depends on the interface (public/private
--i  | Interface | +> Replace **//y.y.y.y//** with the source IPExample, server you are connecting FROM 
-| src | Only capture source information | +<sxh bash> 
--t  | NO time stamp might be easier to read | +tcpdump -nn -tttt -i eth0 "dst port 3306" and "dst host x.x.x.x" and "src host y.y.y.y" 
-| -vvv| Even more verbose output For example, telnet SB ... SE options are printed in full With -X Telnet options are printed in hex as well|+</sxh> 
 \\ \\
 \\ \\
-== Examples == 
 Description: Clean - NO time stamps and NO packet output Description: Clean - NO time stamps and NO packet output
  
Line 25: Line 26:
 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517
 </sxh> </sxh>
 +\\
 +\\
 Description: Capture packets and it has time stamps Description: Capture packets and it has time stamps
 <sxh bash> <sxh bash>
Line 52: Line 55:
     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0
 </sxh> </sxh>
 +\\
 +\\
 +^ Flag ^  Description ^
 +| -A  | Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages |
 +| -n  | Don't convert host addresses to names.  This can be used to avoid DNS lookups. |
 +| -nn | Don't convert protocol and port numbers etc. to names either. |
 +| -w  | Write  the raw packets to file rather than parsing and printing them out |
 +| -i  | Interface |
 +| src | Only capture information from a source (eg, src host x.x.x.x )|
 +| dst | Only capture traffic to destination address (a server could have multiple IPs, so you can specify) |
 +| -t  | NO time stamp - might be easier to read |
 +| -vvv| Even more verbose output.  For example, telnet SB ... SE options are printed in full.  With -X Telnet options are printed in hex as well. |
tcpdump.1466174164.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki