From bc55732c55a0c854f6e3c3cc40efd603907ecdcb Mon Sep 17 00:00:00 2001 From: johannst Date: Tue, 15 Mar 2022 17:05:22 +0000 Subject: deploy: 33d74c3b33394769a2040ff451fbfdfd58e9bf92 --- network/tcpdump.html | 246 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 246 insertions(+) create mode 100644 network/tcpdump.html (limited to 'network/tcpdump.html') diff --git a/network/tcpdump.html b/network/tcpdump.html new file mode 100644 index 0000000..6c3d55f --- /dev/null +++ b/network/tcpdump.html @@ -0,0 +1,246 @@ + + + + + + tcpdump - Notes + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +
+ + + + + + + + + + +
+
+

tcpdump(1)

+

CLI

+
tcpdump [opts] -i <if> [<filter>]
+    -n              Don't covert host/port names.
+    -w <file|->     Write pcap trace to file or stdout (-).
+    -r <file>       Read & parse pcap file.
+
+

Some useful filters.

+
src <ip>                Filter for source IP.
+dst <ip>                Filter for destination IP.
+host <ip>               Filter for IP (src + dst).
+net <ip>/<range>        Filter traffic on subnet.
+[src/dst] port <port>   Filter for port (optionally src/dst).
+tcp/udp/icmp            Filter for protocol.
+
+
+

Use and/or/not and () to build filter expressions.

+
+

Examples

+

Capture packets from remote host

+
# -k: Start capturing immediately.
+ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
+
+ +
+ + +
+
+ + + +
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + -- cgit v1.2.3
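Review bot: the "Capture packets from remote host" example runs the GUI under root for no reason: `sudo wireshark -k -i -` reads the trace from stdin, which needs no capture privilege, so the whole Wireshark dissector stack ends up parsing untrusted remote traffic as root; drop the `sudo` (only the remote `tcpdump` side needs elevated rights, and the example should say so, e.g. `ssh <host> sudo tcpdump -i <if> -w - | wireshark -k -i -`). The same line also captures the SSH session that carries the pcap back, so the stream feeds on itself; pass a filter on the remote side (`not port 22`, or the `host` filter from the table above) and reuse the `<if>` placeholder instead of `<IF>` for consistency with the CLI block. Minor: the `-n` description has a typo, "Don't covert host/port names." should read "Don't convert host/port names."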