TCPDump: Difference between revisions

Content added Content deleted

Inline

@@ Line 4: / Line 4: @@
+= Basics =
-== TCPDump Filters==
+* TCPDump done with "-i any" will result in packets with No Ethernet Headers captured in wireshark.
+ tcpdump -i eth0
+= Filters =
 Source: [[http://www.thegeekstuff.com/2010/08/tcpdump-command-examples/ thegeekstuff.com]]
@@ Line 47: / Line 51: @@
 <br />
-=== Reading PCAPs ===
+= Reading PCAPs =
 {| class="wikitable"
@@ Line 60: / Line 64: @@
 |}
-=== TCPDump Parameters ===
+= TCPDump Parameters =
+== Modifiers ==
-====Modifiers====
 {| class="wikitable" style="width: 20%"
 |-
@@ Line 74: / Line 79: @@
 |}
-====Examples====
+== Examples ==
 {| class="wikitable"
 ! Filter !! Description
@@ Line 85: / Line 91: @@
 |}
-====Protocol keywords====
+== Protocol keywords ==
 {| class="wikitable" style="width: 30%"
 !colspan="3"|Keywords
@@ Line 98: / Line 105: @@
 |}
-====TCP Flags====
+== TCP Flags ==
 {| class="wikitable"  style="width: 30%"
 !colspan="3"|Flag Keywords
@@ Line 109: / Line 117: @@
 |}
-====Capture Filter Primitives====
+== Capture Filter Primitives ==
 {| class="wikitable"
 |-
@@ Line 145: / Line 154: @@
 |}
-===Command Line Options===
+= Command Line Options =
  -A 		Print frame payload in ASCII
@@ Line 170: / Line 179: @@
 <br />
-=== Advanced Packet Filtering ===
+= Advanced Packet Filtering =
-List interesting traffic from all the PCAP files:
+*List interesting traffic from all the PCAP files:
 <pre style="width: 2000px; overflow-x: scroll;">
  for i in `find . -type f | egrep "All.pcap"`; do echo $i; tcpdump -r $i '((host 1.1.1.1 or host 2.2.2.2) and host 3.3.3.3) and port 445' ; echo -e "\n"; done