networking:tcpdump

Differences

This shows you the differences between two versions of the page.

networking:tcpdump [2022/11/20 06:35] – created - external edit 127.0.0.1
networking:tcpdump [2025/10/21 08:46] (current) srohr_admin
Line 1: Line 1:
-Networking+====== TCPdump Examples====== 
 +\\ 
 +===== Capture only ICMP packets =====
  
-<code bash> +<code>
-tcpdump -ni eth0 not port 22+
 tcpdump -ni eth0 icmp tcpdump -ni eth0 icmp
 +</code>
 +
 +===== Ignore specific port =====
 +
 +<code>
 +tcpdump -ni eth0 not port 22
 tcpdump -ni eth0 tcp and not port 22 tcpdump -ni eth0 tcp and not port 22
 +</code>
 +
 +===== Multiple match criteria =====
 +Use logic and/or/not parameters in the match statement
 +
 +<code>
 +tcpdump -ni enp1s9 dst 192.168.6.1 and port 443
 +tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80
 +tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80
 +</code>
 +
 +===== Multiple match criteria with  and/or logic =====
 +Use brackets () to group matches together
 +<code>
 +tcpdump -ni eth0 \(tcp or udp\) and \(port 80 or 443 or 53\)
 +</code>
 +
 +===== Write captured packets to a file =====
 +
 +<code>
 tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap
 tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap tcp and not port 22 tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap tcp and not port 22
- 
 tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap \(tcp or udp\) and \(port 80 or 443 or 53\) tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap \(tcp or udp\) and \(port 80 or 443 or 53\)
 </code> </code>
 +
 +
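Review bot: the new "Write captured packets to a file" section still uses `-s 1500`, which on Ethernet cuts off the tail of full-size frames, because the snapshot length is counted from the link-layer header and a packet at a 1500-byte MTU is 1514 bytes on the wire; use `-s 0` in those three commands if the saved pcap is meant to hold whole packets. The same lines write to `/tmp/capture.pcap`, a shared directory, so the section would benefit from a sentence saying that captures can contain credentials and session data and should go to a directory readable only by the capturing user. In the added markup, the heading `TCPdump Examples======` is missing the space before the closing `======`, "with  and/or logic" has a double space, and changing `<code bash>` to `<code>` drops shell highlighting for every block.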
networking/tcpdump.1668926106.txt.gz · Last modified: 2022/11/20 06:35 by 127.0.0.1

Except where otherwise noted, content on this wiki is licensed under the following license: CC0 1.0 Universal