TCPDump: Difference between revisions
(→Basics) |
|||
Line 5: | Line 5: | ||
= Basics = |
= Basics = |
||
* TCPDump done with "-i any" will result in packets with No Ethernet Headers captured in wireshark. |
* TCPDump done with "-i any" will result in packets with No Ethernet Headers captured in wireshark. |
||
tcpdump -i eth0 |
tcpdump -i eth0 |
||
* TCPDump uses libpcap which processes packets before they get processed by IPTables. |
|||
* Therefore TCPDump will see Incoming Ping packets though they are dropped by IPTables. |
|||
* TCPDump will see inbound traffic before iptables, but will see outbound traffic only after the firewall has processed it. |
|||
= Filters = |
= Filters = |
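Review bot: The first added bullet under Basics ("TCPDump uses libpcap which processes packets before they get processed by IPTables") is unqualified, but the last added bullet limits that ordering to inbound traffic and says outbound traffic is seen only after the firewall. Suggest making the first bullet inbound-only, or merging the three bullets into one statement per direction, so a reader who stops at the first bullet does not take outbound packets in a capture to be pre-firewall. The ping bullet would also be clearer if it stated the consequence directly, e.g. "seeing an incoming ping in the capture does not mean IPTables accepted it".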