Packet Captures: Difference between revisions

Content added Content deleted

Inline

@@ Line 280: / Line 280: @@
 *Capture packets with IP address without DNS resolution
  tcpdump -n -i eth0
-*Reading the packets from a saved file
- tcpdump -tttt -r data.pcap
 *Capture packets with proper readable timestamp
@@ Line 309: / Line 306: @@
 <br />
 <br />
+=== Reading PCAPs ===
+*Reading the packets from a saved file
+ tcpdump -tttt -r data.pcap
+ tcpdump -e -nn -vv -r traffic.dump
+ tcpdump -XX -r eth0_Merged.pcap
 === TCPDump Parameters ===
-;Modifiers
+====Modifiers====
-<pre>
-! or not
-&& or and
-|| or or
-</pre>
+ ! or not
-;Examples
+ && or and
-<pre>
+ || or or
-udp dst port not 53		UDP not bound for port 53
-host 10.0.0.1 && host 10.0.0.2	Traffic between these hosts
-tcp dst port 80 or 8080		Packets to either TCP port
+====Examples====
-</pre>
+ udp dst port not 53		UDP not bound for port 53
+ host 10.0.0.1 && host 10.0.0.2	Traffic between these hosts
+ tcp dst port 80 or 8080		Packets to either TCP port
+====Protocols====
-;Protocols
-<pre>
 arp			ether
 icmp			ip
@@ Line 333: / Line 339: @@
 rarp			tcp
 udp			wlan
-</pre>
-;TCP Flags
+====TCP Flags====
-<pre>
 tcp-urg			tcp-rst
 tcp-ack			tcp-syn
 tcp-psh			tcp-fin
-</pre>
-;Capture Filter Primitives
+====Capture Filter Primitives====
-<pre>
 [src|dst] host <host> 				Matches a host as the IP source, destination, or either
 ether [src|dst] host <ehost> 			Matches a host as the Ethernet source, destination, or either
@@ Line 359: / Line 365: @@
 mpls [<label>] 					Matches MPLS packets, optionally with a label of label
 <expr> <relop> <expr> 				Matches packets by an arbitrary expression
-</pre>
-;Command Line Options
+====Command Line Options====
-<pre>
 -A 		Print frame payload in ASCII
 -c <count> 	Exit after capturing count packets
@@ Line 386: / Line 392: @@
 -X 		Print frame payload in hex and ASCII
 -y <type> 	Specify the data link type
-</pre>
 <br />