User Tools

Site Tools

Trace: apache_security ram_diagnostics apache_sitedown
tcpdump

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
tcpdump [2016/06/17 14:42] luke7858tcpdump [2024/05/23 07:26] (current) – external edit 127.0.0.1
Line 4: Line 4:
 \\ \\
 \\ \\
-^ Flag ^  Description ^ +== Common Examples == 
-| -A  | Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages | +In the following example 
-| -n  | Don't convert host addresses to names.  This can be used to avoid DNS lookups. | +\\ 
-| -nn | Don't convert protocol and port numbers etc. to names either. | +> Replace **//x.x.x.x//** with the IP of the machine you are running the dump from. This IP depends on the interface (public/private
-| -w  | Write  the raw packets to file rather than parsing and printing them out | +> Replace **//y.y.y.y//** with the source IP. Example, server you are connecting FROM 
-| -i  | Interface | +<sxh bash> 
-| src | Only capture information from a source (eg, src host x.x.x.x )| +tcpdump -nn -tttt -i eth0 "dst port 3306" and "dst host x.x.x.x" and "src host y.y.y.y" 
-| dst | Only capture traffic to destination address (a server could have multiple IPs, so you can specify) | +</sxh> 
--t  | NO time stamp might be easier to read | +
--vvv| Even more verbose output For example, telnet SB ... SE options are printed in full With -X Telnet options are printed in hex as well|+
 \\ \\
 \\ \\
-== Examples == 
 Description: Clean - NO time stamps and NO packet output Description: Clean - NO time stamps and NO packet output
  
Line 28: Line 26:
 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517 IP x.x.x.190.26753 > x.x.x.129.443: Flags [P.], seq 1:518, ack 1, win 229, options [nop,nop,TS val 176708934 ecr 180471895], length 517
 </sxh> </sxh>
 +\\
 +\\
 Description: Capture packets and it has time stamps Description: Capture packets and it has time stamps
 <sxh bash> <sxh bash>
Line 55: Line 55:
     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0     195.154.211.129.50684 > 82.94.168.11.443: Flags [.], cksum 0x91ac (incorrect -> 0x1bc7), seq 1, ack 34, win 772, options [nop,nop,TS val 180900262 ecr 1978798886], length 0
 </sxh> </sxh>
 +\\
 +\\
 +^ Flag ^  Description ^
 +| -A  | Print each packet (minus its link level header) in ASCII.  Handy for capturing web pages |
 +| -n  | Don't convert host addresses to names.  This can be used to avoid DNS lookups. |
 +| -nn | Don't convert protocol and port numbers etc. to names either. |
 +| -w  | Write  the raw packets to file rather than parsing and printing them out |
 +| -i  | Interface |
 +| src | Only capture information from a source (eg, src host x.x.x.x )|
 +| dst | Only capture traffic to destination address (a server could have multiple IPs, so you can specify) |
 +| -t  | NO time stamp - might be easier to read |
 +| -vvv| Even more verbose output.  For example, telnet SB ... SE options are printed in full.  With -X Telnet options are printed in hex as well. |
tcpdump.1466174554.txt.gz · Last modified: 2024/05/23 07:26 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: Public Domain
Public Domain Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki