Tuesday 17 December 2013

Packet capture with tcpdump

Solaris had snoop, Linux has tcpdump. Here are a couple of handy examples:

Interactive capture of traffic on interface eth0:

  • tcpdump -i eth0


Capture traffic to a file; the output can be read in Wireshark:

  • tcpdump -w output.pcap -i eth0


Filter to a specific source or destination or both:

  • tcpdump -i eth0 src 192.168.100.1
  • tcpdump -i eth0 dst 192.168.100.1
  • tcpdump -i eth0 src 192.168.100.1 or dst 192.168.100.1


Further filter by port (the parentheses are needed: in tcpdump's filter syntax "and" binds more tightly than "or", so without them the filter would also match all traffic from 192.168.100.1 regardless of port):

  • tcpdump -i eth0 '(src 192.168.100.1 or dst 192.168.100.1) and port 22'
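As an added example (not from the original post), here is a minimal Python reader for the pcap file that "tcpdump -w output.pcap" writes. It builds a small capture in memory from constructed packets, parses the libpcap container and the Ethernet/IPv4/TCP/UDP headers, and applies the same selection as the capture filter "host 192.168.100.1 and port 22", so you can see which records the parenthesised filter keeps and which ones the unparenthesised "src ... or dst ... and port 22" would let through. All packets, addresses and timestamps are constructed; the helper names are my own.

```python
"""Minimal reader for the pcap files that tcpdump -w writes.

Added example, not from the original post.  It builds a small capture in
memory from constructed packets, parses the libpcap container and the
Ethernet/IPv4/TCP/UDP headers, and applies the same selection as the
capture filter "host H and port P", so you can see which records the
corrected filter keeps and which the unparenthesised one would let through.
"""
import socket
import struct
from collections import Counter

PCAP_MAGIC = 0xA1B2C3D4          # little-endian libpcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def build_packet(src, dst, proto, sport=0, dport=0):
    """Constructed Ethernet/IPv4 frame with a minimal TCP, UDP or ICMP header.
    Checksums are left at zero: this is parser input, not valid wire traffic."""
    if proto == 6:     # TCP: ports, seq, ack, data offset 5, flags ACK, window
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x10, 65535, 0, 0)
    elif proto == 17:  # UDP: ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:              # ICMP echo request: type 8, code 0, checksum, id, seq
        l4 = struct.pack("!BBHHH", 8, 0, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    return eth + ip + l4


def build_pcap(frames, snaplen=65535):
    """Serialise frames into the libpcap file format (global header + records)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1387238400 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_pcap(data):
    """Yield one dict per IPv4 packet in a little-endian Ethernet pcap byte string."""
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("unsupported pcap magic %#x (big-endian or pcapng?)" % magic)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack_from("<IIII", data, off)
        off += 16
        frame = data[off:off + incl_len]
        off += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue                                  # non-IPv4 or truncated: skip
        ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
        l4 = frame[14 + ihl:]
        sport = dport = None
        if frame[23] in (6, 17) and len(l4) >= 4:     # TCP and UDP share the port layout
            sport, dport = struct.unpack_from("!HH", l4, 0)
        yield {"ts": ts_sec + ts_usec / 1e6,
               "src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
               "proto": PROTO_NAMES.get(frame[23], str(frame[23])),
               "sport": sport, "dport": dport}


def matches(pkt, host=None, port=None):
    """Selection of the BPF filter '(src H or dst H) and port P' (same as 'host H and port P')."""
    if host is not None and host not in (pkt["src"], pkt["dst"]):
        return False
    if port is not None and port not in (pkt["sport"], pkt["dport"]):
        return False
    return True


def matches_unparenthesised(pkt, host, port):
    """What 'src H or dst H and port P' really means: 'and' binds tighter than 'or',
    so every packet FROM the host passes regardless of port."""
    return pkt["src"] == host or (pkt["dst"] == host and port in (pkt["sport"], pkt["dport"]))


def summarize(data, host=None, port=None, selector=matches):
    """Count packets per (proto, src, sport, dst, dport) after applying the selector."""
    counts = Counter()
    for pkt in parse_pcap(data):
        if selector(pkt, host, port):
            counts[(pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])] += 1
    return counts


# Constructed capture: an SSH exchange with 192.168.100.1, a DNS query/reply
# with the same host, and an unrelated web request.
SAMPLE_PCAP = build_pcap([
    build_packet("192.168.100.50", "192.168.100.1", 6, 51000, 22),
    build_packet("192.168.100.1", "192.168.100.50", 6, 22, 51000),
    build_packet("192.168.100.50", "192.168.100.1", 17, 40000, 53),
    build_packet("192.168.100.1", "192.168.100.50", 17, 53, 40000),
    build_packet("192.168.100.50", "10.0.0.9", 6, 51001, 80),
])

if __name__ == "__main__":
    for key, n in summarize(SAMPLE_PCAP, "192.168.100.1", 22).items():
        print(n, *key)
```

To run it against a real file, replace SAMPLE_PCAP with open("output.pcap", "rb").read(). The reader deliberately accepts only the classic little-endian pcap magic with Ethernet link type; a capture saved as pcapng, with nanosecond timestamps, or from a non-Ethernet interface raises ValueError rather than silently misparsing.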


Thursday 5 December 2013

Enabling ping replies through Windows 7 firewall

By default the Windows 7 firewall blocks ping. Here's how to enable a PC to respond to ping requests:


  • Open Windows firewall
  • Select Advanced settings, Inbound Rules
  • Create New Rule:
    • Type custom
    • Apply to all programs
    • Protocol ICMPv4
    • ICMP settings, allow Echo Request only
    • Apply to any source & destination IP
    • Action, Allow the connection
    • Rule applies to all locations
    • Name it Ping
  • Refresh the Inbound Rules list and it should appear; make sure it is enabled

Windows 7 will now respond to ping requests.
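As an added example (not from the original post), the same rule can be created from an elevated command prompt with the netsh syntax that ships with Windows 7: netsh advfirewall firewall add rule name=Ping dir=in action=allow protocol=icmpv4:8,any. The Python helpers below are my own: one returns that netsh argument list, and the other parses the output of "netsh advfirewall firewall show rule name=Ping" so a script can confirm the rule exists, is enabled, and allows only ICMPv4 echo requests (type 8) rather than all of ICMP. The sample netsh output is constructed to match netsh's layout.

```python
"""Scriptable equivalent of the Windows 7 firewall steps above, with a check.

Added example, not from the original post.  add_rule_command() gives the
netsh argument list that creates the same rule as the GUI steps (inbound,
allow, ICMPv4 type 8 = echo request only, all profiles); parse_show_rule()
reads the output of 'netsh advfirewall firewall show rule' so a script can
confirm the rule exists, is enabled and is no broader than intended.
The sample output below is constructed to match netsh's layout.
"""
import subprocess

RULE_NAME = "Ping"


def add_rule_command(name=RULE_NAME):
    """netsh arguments creating the rule: inbound, allow, echo request only."""
    return ["netsh", "advfirewall", "firewall", "add", "rule", "name=" + name,
            "dir=in", "action=allow", "protocol=icmpv4:8,any",
            "profile=any", "enable=yes"]


def show_rule_command(name=RULE_NAME):
    """netsh arguments that print the rule for inspection."""
    return ["netsh", "advfirewall", "firewall", "show", "rule", "name=" + name]


def parse_show_rule(text):
    """Parse 'Key:  value' lines from 'show rule' output into a dict (keys lower-cased).
    The ICMP type/code pair is printed on an indented line without a key; it is
    stored under 'icmp_type' and 'icmp_code'."""
    rule = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line.startswith(" ") and ":" in line:
            key, _, value = line.partition(":")
            rule[key.strip().lower()] = value.strip()
        elif line.startswith(" "):
            parts = line.split()
            if len(parts) == 2 and parts != ["Type", "Code"] and "icmp_type" not in rule:
                rule["icmp_type"], rule["icmp_code"] = parts
    return rule


def rule_is_echo_request_only(rule):
    """True when the rule is enabled, inbound, allow, ICMPv4 and limited to type 8.
    Anything broader (protocol Any, or ICMP type Any) fails the check."""
    return (rule.get("enabled") == "Yes"
            and rule.get("direction") == "In"
            and rule.get("action") == "Allow"
            and rule.get("protocol") == "ICMPv4"
            and rule.get("icmp_type") == "8")


def check_rule_on_this_host(name=RULE_NAME):
    """Run the netsh query on a Windows host and evaluate the result."""
    out = subprocess.run(show_rule_command(name), capture_output=True,
                         text=True, check=True).stdout
    return rule_is_echo_request_only(parse_show_rule(out))


# Constructed sample of what 'netsh advfirewall firewall show rule name=Ping'
# prints once the rule from the steps above exists.
SAMPLE_OUTPUT = """\
Rule Name:                            Ping
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
Grouping:
LocalIP:                              Any
RemoteIP:                             Any
Protocol:                             ICMPv4
                                      Type    Code
                                      8       Any
Edge traversal:                       No
Action:                               Allow
Ok.
"""

# The same rule created with protocol=icmpv4 and no type: it would allow every
# ICMPv4 message, not just echo requests, and should fail the check.
SAMPLE_OUTPUT_TOO_BROAD = SAMPLE_OUTPUT.replace("8       Any", "Any     Any")
```

The check is deliberately strict about the ICMP type: the GUI step "allow Echo Request only" is what keeps the rule from admitting redirects, timestamp requests and the rest of ICMPv4, so a rule whose type column reads "Any" is reported as too broad even though ping would still work.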