networking:tcpdump
Differences
This shows you the differences between two versions of the page.
| networking:tcpdump [2025/10/21 08:29] – srohr_admin | networking:tcpdump [2025/10/21 08:46] (current) – srohr_admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Networking | + | ====== TCPdump Examples====== |
| + | \\ | ||
| + | ===== Capture only ICMP packets ===== | ||
| - | < | + | < |
| - | tcpdump -ni eth0 not port 22 | + | |
| tcpdump -ni eth0 icmp | tcpdump -ni eth0 icmp | ||
| + | </ | ||
| + | |||
| + | ===== Ignore specific port ===== | ||
| + | |||
| + | < | ||
| + | tcpdump -ni eth0 not port 22 | ||
| tcpdump -ni eth0 tcp and not port 22 | tcpdump -ni eth0 tcp and not port 22 | ||
| - | tcpdump -ni eth0 -s 1500 -w /tmp/ | + | </code> |
| - | tcpdump -ni eth0 -s 1500 -w / | + | |
| - | tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap \(tcp or udp\) and \(port 80 or 443 or 53\) | + | ===== Multiple match criteria ===== |
| + | Use logic and/or/not parameters in the match statement | ||
| + | < | ||
| tcpdump -ni enp1s9 dst 192.168.6.1 and port 443 | tcpdump -ni enp1s9 dst 192.168.6.1 and port 443 | ||
| tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80 | tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80 | ||
| tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80 | tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80 | ||
| + | </ | ||
| + | ===== Multiple match criteria with and/or logic ===== | ||
| + | Use brackets () to group matches together | ||
| + | < | ||
| + | tcpdump -ni eth0 \(tcp or udp\) and \(port 80 or 443 or 53\) | ||
| + | </ | ||
| + | ===== Write captured packets to a file ===== | ||
| + | |||
| + | < | ||
| + | tcpdump -ni eth0 -s 1500 -w / | ||
| + | tcpdump -ni eth0 -s 1500 -w / | ||
| + | tcpdump -ni eth0 -s 1500 -w / | ||
| </ | </ | ||
| + | |||
| + | |||
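
Review bot: in the "Write captured packets to a file" block, `-s 1500` truncates full-size Ethernet frames, because the 14-byte link-layer header makes a 1500-byte MTU packet 1514 bytes on the wire; suggest `-s 0` for the full snapshot length, or a sentence noting the truncation. In "Multiple match criteria with and/or logic", the text says to use brackets but not that they have to be backslash-escaped (as the example does with `\(` and `\)`) or the whole filter quoted so the shell does not interpret them; one sentence stating that would save readers a syntax error. Style: the new top heading `====== TCPdump Examples======` is missing the space before the closing `======`.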
networking/tcpdump.txt · Last modified: 2025/10/21 08:46 by srohr_admin
