tcpdump

Differences

This shows you the differences between two versions of the page.

tcpdump [2016/06/17 14:42] luke7858
tcpdump [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 4: Line 4:
 \\ \\
 \\ \\
-^ Flag ^  Description ^ +== Common Examples == 
-| -A  | Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages | +In the following example 
-| -n  | Don't convert host addresses to names.  This can be used to avoid DNS lookups. | +\\ 
-| -nn | Don't convert protocol and port numbers etc. to names either. | +> Replace **//x.x.x.x//** with the IP of the machine you are running the dump from. This IP depends on the interface (public/private
-| -w  | Write  the raw packets to file rather than parsing and printing them out | +> Replace **//y.y.y.y//** with the source IP. Example, server you are connecting FROM 
-| -i  | Interface | +<sxh bash> 
-| src | Only capture information from a source (eg, src host x.x.x.x )| +tcpdump -nn -tttt -i eth0 "dst port 3306" and "dst host x.x.x.x" and "src host y.y.y.y" 
-| dst | Only capture traffic to destination address (a server could have multiple IPs, so you can specify) | +</sxh> 
--t  | NO time stamp might be easier to read | +
--vvv| Even more verbose output For example, telnet SB ... SE options are printed in full With -X Telnet options are printed in hex as well|+
 \\ \\
 \\ \\
-== Examples == 
 Description: Clean - NO time stamps and NO packet output Description: Clean - NO time stamps and NO packet output
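Review bot: the filter in the new Common Examples block is quoted piecewise (`"dst port 3306" and "dst host x.x.x.x" and "src host y.y.y.y"`), which reads as three separate filters. It works only because the shell hands `and` over as bare words and tcpdump concatenates every trailing argument into one expression; quoting the whole expression once is the conventional and safer form, e.g. `tcpdump -nn -tttt -i eth0 'dst port 3306 and dst host x.x.x.x and src host y.y.y.y'`, which also keeps the shell from touching any part of it. Two smaller points in the same hunk: the line "This IP depends on the interface (public/private" is cut off and is missing its closing parenthesis, and `-tttt` is used in the example but is not described in the flag table this hunk moves to the bottom of the page (the table only has `-t`).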
  
Line 28: Line 26:
 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517
 </sxh> </sxh>
 +\\
 +\\
 Description: Capture packets and it has time stamps Description: Capture packets and it has time stamps
 <sxh bash> <sxh bash>
Line 55: Line 55:
     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0
 </sxh> </sxh>
 +\\
 +\\
 +^ Flag ^  Description ^
 +| -A  | Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages |
 +| -n  | Don't convert host addresses to names.  This can be used to avoid DNS lookups. |
 +| -nn | Don't convert protocol and port numbers etc. to names either. |
 +| -w  | Write  the raw packets to file rather than parsing and printing them out |
 +| -i  | Interface |
 +| src | Only capture information from a source (eg, src host x.x.x.x )|
 +| dst | Only capture traffic to destination address (a server could have multiple IPs, so you can specify) |
 +| -t  | NO time stamp - might be easier to read |
 +| -vvv| Even more verbose output.  For example, telnet SB ... SE options are printed in full.  With -X Telnet options are printed in hex as well. |
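Review bot: the table re-added here still lacks rows for the two flags the rest of the page now depends on: `-tttt` (timestamp on each line printed as full date and time, used in the Common Examples command) and `-X` (print each packet's data in hex and ASCII), which the `-vvv` row refers to but never defines; suggest adding a row for each. `src` and `dst` are filter primitives that belong in the expression rather than command-line flags, so either a separate "Filter" table or a note in the header would make that distinction clear. Minor: the `-w` row has a doubled space in "Write  the".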
tcpdump.1466174554.txt.gz · Last modified: 2024/05/23 07:26 (external edit)

Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain