Tcpdump examples

See the list of interfaces on which tcpdump can listen:

Listen on interface eth0:

Listen on any available interface (cannot be done in promiscuous mode; requires Linux kernel 2.2 or greater):

Be verbose while capturing packets:

Be more verbose while capturing packets:

Be very verbose while capturing packets:

Be verbose and print the data of each packet in both hex and ASCII, excluding the link level header:

Be verbose and print the data of each packet in both hex and ASCII, also including the link level header:

Be less verbose (than the default) while capturing packets:

Limit the capture to 100 packets:

Record the packet capture to a file called capture.cap:

Record the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:

Display the packets of a file called capture.cap:

Display the packets using maximum detail of a file called capture.cap:

Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:

Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:

Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:

Capture any packets where the destination port is 23. Display IP addresses and port numbers:

Capture any packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

Capture only TCP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

Capture only UDP packets where the destination port is between 1 and 1023 inclusive. Display IP addresses and port numbers:

Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:

Capture any ICMP packets:

Capture any ARP packets:

Capture either ICMP or ARP packets:

Capture any packets that are broadcast or multicast:

Capture 500 bytes of data for each packet rather than the default of 68 bytes:

Capture all bytes of data within the packet:
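
The destination host and port filters described above, composed and validated by a small script. This is an added example, not from the original page: the function names are hypothetical, the host check assumes a dotted-decimal IPv4 address, and the flags and filter primitives are standard tcpdump syntax.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical;
# -n, -i, -c and the "dst host/port/portrange" primitives are tcpdump's own.

# valid_port N: succeeds only if N is an integer in 1..65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dst_filter HOST [PORT|LOW-HIGH]...: prints a capture filter, returns 1 on bad input.
# Rejecting anything but digits and dots keeps untrusted input out of the filter text.
dst_filter() {
    [ $# -ge 1 ] || return 1
    df_host=$1; shift
    case $df_host in
        ''|*[!0-9.]*) echo "bad host: $df_host" >&2; return 1 ;;
    esac
    df_expr=""
    for df_p in "$@"; do
        case $df_p in
            *-*) valid_port "${df_p%%-*}" && valid_port "${df_p#*-}" || return 1
                 df_term="dst portrange $df_p" ;;
            *)   valid_port "$df_p" || return 1
                 df_term="dst port $df_p" ;;
        esac
        # Join the port terms with "or"; they are parenthesised below so that
        # "and" binds the host to the whole group, not just the first port.
        df_expr="${df_expr:+$df_expr or }$df_term"
    done
    if [ -n "$df_expr" ]; then
        echo "dst host $df_host and ($df_expr)"
    else
        echo "dst host $df_host"
    fi
}

# capture IFACE COUNT FILTER: -n keeps addresses numeric, -c stops after COUNT
# packets. The filter is passed as one quoted argument so the shell never
# interprets its parentheses.
capture() {
    tcpdump -n -i "$1" -c "$2" "$3"
}

# Usage (needs capture privileges):
#   capture eth0 100 "$(dst_filter 192.168.1.1 80 443)"
```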

Thx to https://www.rationallyparanoid.com/articles/tcpdump.html
