Tuesday, 17 December 2013

Packet capture with tcpdump

Solaris had snoop, Linux has tcpdump. Here's a couple of handy examples:

Interactive capture of traffic on interface eth0:

  • tcpdump -i eth0


Capture traffic to a file, output can be read in Wireshark:

  • tcpdump -w output.pcap -i eth0


Filter to a specific source or destination or both:

  • tcpdump -i eth0 src 192.168.100.1
  • tcpdump -i eth0 dst 192.168.100.1
  • tcpdump -i eth0 src 192.168.100.1 or dst 192.168.100.1


Further filter by port:

  • tcpdump -i eth0 src 192.168.100.1 or dst 192.168.100.1 and port 22






Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)