{| class="wikitable"
|-
! Description !! Command
|-
| General tcpdump command || tcpdump -s 0 -w packet_capture.cap
|-
| Capture packets from a particular interface || tcpdump -i eth1
|-
| Capture only N packets || tcpdump -c 200 -i eth0
|-
| Display captured packets in ASCII || tcpdump -A -i eth0
|-
| Display captured packets in hex and ASCII || tcpdump -XX -i eth0
|-
| Capture packets and write them to a file || tcpdump -w 08232010.pcap -i eth0
|-
| Capture packets showing IP addresses, without DNS resolution || tcpdump -n -i eth0
|-
| Capture packets with a readable timestamp || tcpdump -n -tttt -i eth0
|-
| Capture only packets larger than N bytes || tcpdump -w capture.pcap greater 1024
|-
| Capture only packets smaller than N bytes || tcpdump -w capture.pcap less 1024
|-
| Receive only packets of a specific protocol type || tcpdump -i eth0 arp
|-
| Receive packet flows on a particular port || tcpdump -i eth0 port 22
|-
| Capture packets for a particular destination IP and port || tcpdump -w xpackets.pcap -i eth0 dst 10.181.140.216 and port 22
|-
| Capture TCP communication between two hosts || tcpdump -w comm.pcap -i eth0 tcp and \(host 172.20.68.176 and host 172.24.173.9\)
|-
| Filter packets: capture everything other than ARP and RARP || tcpdump -i eth0 not arp and not rarp
|}

The "and", "or" and "not" conditions are used to combine filter expressions.
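The -s 0 and -w entries above write libpcap-format files. The following added example (not part of the original page) writes and reads that format in Python to show what a too-small snaplen does to a capture: each record header stores both the saved length and the on-wire length, so truncated packets can be detected after the fact. The 214-byte frame and file names are constructed for the demo.

```python
import os
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # little-endian libpcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1

def write_pcap(path, packets, snaplen=262144):
    """Write (ts_sec, ts_usec, frame_bytes) tuples as a libpcap file.
    Each record is cut to snaplen, which is what tcpdump -s does; the
    default here matches what tcpdump uses for -s 0 (whole packets)."""
    with open(path, "wb") as f:
        # global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for ts_sec, ts_usec, frame in packets:
            incl = min(len(frame), snaplen)
            # record header keeps both the saved length and the on-wire length
            f.write(struct.pack("<IIII", ts_sec, ts_usec, incl, len(frame)))
            f.write(frame[:incl])

def read_pcap(path):
    """Return (snaplen, [(ts_sec, ts_usec, incl_len, orig_len, data), ...])."""
    with open(path, "rb") as f:
        magic, _, _, _, _, snaplen, _ = struct.unpack("<IHHiIII", f.read(24))
        if magic != PCAP_MAGIC:
            raise ValueError("not a little-endian pcap file")
        records = []
        while True:
            rec_hdr = f.read(16)
            if len(rec_hdr) < 16:
                break
            ts_sec, ts_usec, incl, orig = struct.unpack("<IIII", rec_hdr)
            records.append((ts_sec, ts_usec, incl, orig, f.read(incl)))
    return snaplen, records

def truncated_records(path):
    """(index, saved_len, wire_len) for every record a small snaplen cut short."""
    _, records = read_pcap(path)
    return [(i, incl, orig) for i, (_, _, incl, orig, _) in enumerate(records) if incl < orig]

def demo():
    """Constructed 214-byte frame (14-byte Ethernet header + 200-byte payload),
    written once with a 96-byte snaplen and once with the full default."""
    frame = bytes(14) + b"A" * 200
    with tempfile.TemporaryDirectory() as d:
        short, full = os.path.join(d, "short.pcap"), os.path.join(d, "full.pcap")
        write_pcap(short, [(0, 0, frame)], snaplen=96)
        write_pcap(full, [(0, 0, frame)])
        return truncated_records(short), truncated_records(full)
```

Calling demo() reports the short-snaplen copy as truncated (96 of 214 bytes saved) and the full-snaplen copy as intact; the same check over a real capture file tells you whether a capture taken without -s 0 lost payload.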