# tcpdump(1)
# CLI
```markdown
tcpdump [opts] -i <if> [<filter>]
-n             Don't convert host/port names.
-w <file|->    Write pcap trace to file or stdout (-).
-r <file>      Read & parse pcap file.
```
Some useful filters.
```markdown
src <ip>                 Filter for source IP.
dst <ip>                 Filter for destination IP.
host <ip>                Filter for IP (src + dst).
net <ip>/<range>         Filter traffic on subnet.
[src/dst] port <port>    Filter for port (optionally src/dst).
tcp/udp/icmp             Filter for protocol.
```
> Use `and/or/not` and `()` to build filter expressions.
# Examples
## Capture packets from remote host
```markdown
# -k: Start capturing immediately.
ssh <host> tcpdump -i <IF> -w - | sudo wireshark -k -i -
```
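
The filter keywords and the remote capture above combined, as an added example that is not part of the original notes: it builds an `and/or/not` expression with `()` groups and excludes the SSH session that carries the capture, which would otherwise feed its own packets back into the trace. The host name, interface, addresses and helper function names are constructed for illustration; `-U` (packet-buffered output) is a tcpdump option not listed above.

```shell
#!/bin/sh
# Added example: helper names, host, interface and IPs are constructed.

# exclude_ssh_session <client_ip> [ssh_port]
# Filter term that drops the SSH connection carrying the capture itself.
# Without it, every captured packet produces new SSH packets on the same
# interface, which are captured in turn.
exclude_ssh_session() {
    printf 'not (host %s and tcp port %s)' "$1" "${2:-22}"
}

# any_port <port>...
# Parenthesised "port A or port B ..." group, so the surrounding "and"
# applies to the whole group rather than only to its first term.
any_port() {
    out=""
    for p in "$@"; do
        out="${out:+$out or }port $p"
    done
    printf '(%s)' "$out"
}

# remote_capture_cmd <ssh_host> <if> <filter>
# Prints the pipeline instead of running it. The filter is single-quoted
# inside the remote command so the remote shell hands "(" and ")" to
# tcpdump instead of interpreting them as a subshell.
remote_capture_cmd() {
    printf "ssh %s \"tcpdump -n -U -i %s -w - '%s'\" | sudo wireshark -k -i -" \
        "$1" "$2" "$3"
}

# Web traffic on one subnet, minus our own SSH session from 192.0.2.10.
filter="net 10.0.0.0/24 and $(any_port 80 443) and $(exclude_ssh_session 192.0.2.10)"

remote_capture_cmd capture-host eth0 "$filter"
echo
```
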