...
...
...
http://wwwopenmaniak.rationallyparanoid.com/articlesfr/tcpdump.htmlphp
Description | Command | Notes |
---|---|---|
List Interfaces: | sudo tcpdump -D | |
DHCP traffic: | sudo tcpdump -i eth1 -vvv port bootps | |
DNS traffic: | sudo tcpdump -vvv -s 0 -l -n port 53 | |
TFTP : NOT Working: | sudo tcpdump -i eth1 port tftp -vvv | |
Host traffic, source OR dest IP@: | sudo tcpdump -i ens33 port not 22 and host 192.168.0.16 | or hostname |
Exclude SSH session: | sudo tcpdump -i eth2 port not 22 | "and port not 53" |
FTP traffic | tcpdump -i eth0 "port ftp or port ftp-data" | |
src and dst IP@ | tcpdump 'src 192.168.0.211 or dst 192.168.0.211' | |
icmp / ping | tcpdump -i eth1 -n icmp | |
save to txt file | tcpdump -i virbr0 > virbr0_dhcp.txt | redirect the output |
save to wireshark file / binary | tcpdump -i virbr0 -w virbr0_dhcp.pcap | |
...