networking:tcpdump
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| networking:tcpdump [2022/11/20 06:35] – created - external edit 127.0.0.1 | networking:tcpdump [2025/10/21 08:46] (current) – srohr_admin | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | Networking | + | ====== TCPdump Examples====== |
| + | \\ | ||
| + | ===== Capture only ICMP packets ===== | ||
| - | < | + | < |
| - | tcpdump -ni eth0 not port 22 | + | |
| tcpdump -ni eth0 icmp | tcpdump -ni eth0 icmp | ||
| + | </ | ||
| + | |||
| + | ===== Ignore specific port ===== | ||
| + | |||
| + | < | ||
| + | tcpdump -ni eth0 not port 22 | ||
| tcpdump -ni eth0 tcp and not port 22 | tcpdump -ni eth0 tcp and not port 22 | ||
| + | </ | ||
| + | |||
| + | ===== Multiple match criteria ===== | ||
| + | Use logic and/or/not parameters in the match statement | ||
| + | |||
| + | < | ||
| + | tcpdump -ni enp1s9 dst 192.168.6.1 and port 443 | ||
| + | tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80 | ||
| + | tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80 | ||
| + | </ | ||
| + | |||
| + | ===== Multiple match criteria with and/or logic ===== | ||
| + | Use brackets () to group matches together | ||
| + | < | ||
| + | tcpdump -ni eth0 \(tcp or udp\) and \(port 80 or 443 or 53\) | ||
| + | </ | ||
| + | |||
| + | ===== Write captured packets to a file ===== | ||
| + | |||
| + | < | ||
| tcpdump -ni eth0 -s 1500 -w / | tcpdump -ni eth0 -s 1500 -w / | ||
| tcpdump -ni eth0 -s 1500 -w / | tcpdump -ni eth0 -s 1500 -w / | ||
| - | |||
| tcpdump -ni eth0 -s 1500 -w / | tcpdump -ni eth0 -s 1500 -w / | ||
| </ | </ | ||
| + | |||
| + | |||
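Review bot: In the new "Multiple match criteria with and/or logic" section, the text says to use brackets () for grouping, but the example writes them as `\(tcp or udp\) and \(port 80 or 443 or 53\)` without explaining the backslashes. Add a sentence saying that the parentheses must be backslash-escaped, or the whole filter expression put in single quotes, so that the shell passes them to tcpdump instead of interpreting them itself. Separately, the commands now grouped under "Write captured packets to a file" keep `-s 1500`. The snapshot length counts the link-layer header as well, so a full-size Ethernet frame (1514 bytes at a 1500-byte MTU) is cut short in the capture file. Consider `-s 0` where complete packets are wanted, or state that the truncation is intended.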
networking/tcpdump.1668926106.txt.gz · Last modified: 2022/11/20 06:35 by 127.0.0.1
