Monday, January 16, 2017

Frequently used tcpdump commands

* View available network interfaces
tcpdump -D

* Capture and print only 10 packets from a single interface (-c stops after that count):
tcpdump -i [any_available_interface] -c 10

* Capture and print packets from a single interface, showing more detail for each packet (-v):
tcpdump -l -v -i [any_available_interface]

* Capture packets and grep the output for a specific string (-l line-buffers the output so grep sees each line as it is printed):
tcpdump -l -v -i [any_available_interface] | grep [any_possible_available_word]

* Capture and print packet details, including headers and payload, in hex and ASCII (-X):
tcpdump -l -v -X -i [any_available_interface]

* Capture and print TCP packets on port 80 from a specific source IP to a specific destination IP (note that "port 80" matches either the source or the destination port):
tcpdump -l -i [any_available_interface] port 80 and dst [any_available_IP] and src [any_available_IP] and tcp

* Capture packets to and from a specified host (here on the loopback interface, lo) and write them to a file:
tcpdump -w /file/path.pcap -l -i lo host [any_available_IP]

* Read the file saved above, keep only the packets on port 80, and print details:
tcpdump -r /file/path.pcap -l -v port 80
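Added example, not part of the original post: a small Python parser for the text lines the commands above print, so a capture can be post-processed with proper fields instead of a second grep. It assumes numeric output (tcpdump -n) and uses a constructed sample; matches() applies the same src/dst/port semantics as the BPF filters above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample of `tcpdump -l -n` text output (not a real capture);
# -n keeps addresses numeric, so the parser only has to handle dotted quads.
SAMPLE_LINES = """\
12:00:01.000123 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [S], seq 1, win 64240, length 0
12:00:01.000456 IP 198.51.100.7.80 > 192.0.2.10.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000789 IP 192.0.2.10.51234 > 198.51.100.7.80: Flags [P.], seq 1:80, ack 1, win 502, length 79: HTTP: GET / HTTP/1.1
12:00:02.000000 IP 192.0.2.10.40000 > 198.51.100.7.53: 12345+ A? example.com. (29)
12:00:03.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
"""

# One summary line: timestamp, "IP", src[.port] > dst[.port]: rest
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")

@dataclass
class Packet:
    ts: str
    src: str
    sport: Optional[int]  # None for protocols without ports (e.g. ICMP)
    dst: str
    dport: Optional[int]
    flags: Optional[str]  # TCP flags such as "S", "S." or "P."; None otherwise
    rest: str

def parse_line(line: str) -> Optional[Packet]:
    """Parse one tcpdump line; returns None when the line is in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = FLAGS_RE.search(m["rest"])
    return Packet(m["ts"], m["src"], int(m["sport"]) if m["sport"] else None,
                  m["dst"], int(m["dport"]) if m["dport"] else None,
                  f.group(1) if f else None, m["rest"])

def parse(text: str) -> List[Packet]:
    return [p for p in map(parse_line, text.splitlines()) if p]

def matches(p: Packet, src=None, dst=None, port=None) -> bool:
    """Same semantics as the BPF filters on this page: `port N` matches either end."""
    return ((src is None or p.src == src) and (dst is None or p.dst == dst)
            and (port is None or port in (p.sport, p.dport)))
```

Feed it real output with `tcpdump -l -n -i <iface> | python3 script.py` by reading sys.stdin instead of SAMPLE_LINES; lines tcpdump prints in other formats (IPv6, ARP) are skipped rather than misparsed.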
