https://hackertarget.com/tcpdump-examples/
...
Purpose | Command | Notes
---|---|---
List Interfaces: | sudo tcpdump -D | |
DHCP traffic: | sudo tcpdump -i eth1 -vvv port bootps | |
DNS traffic: | sudo tcpdump -vvv -s 0 -l -n port 53 | |
TFTP: | sudo tcpdump -i eth1 port 69 | |
FTP traffic | tcpdump -i eth0 "port ftp or port ftp-data" | |
icmp / ping | tcpdump -i eth1 -n icmp | |
multicast | | |
mpls or ipv6 | tcpdump -i eth1 -vvv mpls | replace mpls with ip6 for IPv6 (the pcap-filter keyword is ip6, not ipv6) |
Host traffic, source OR dest IP@: | sudo tcpdump -i ens33 port not 22 and host 192.168.0.16 | or hostname |
SSR IPC | sudo tcpdump -i ens3 port 930 and host 172.20.8.20 | |
src and dst IP@ | tcpdump 'src 192.168.0.211 or dst 192.168.0.211' | |
Exclude SSH session: | sudo tcpdump -i eth2 port not 22 | "and port not 53" |
write / save to txt file | tcpdump -i virbr0 > virbr0_dhcp.txt | redirect the output |
save to wireshark file / binary | tcpdump -i virbr0 -w virbr0_dhcp.pcap | |
read a file | tcpdump -r traffic.pcap | |
tcpdump on SSR | | |
Any SSH traffic on any interface | sudo tcpdump -n -i any -v 'ip[1] & 0xfc == 0x10' and port 22 | ip[1] is the second byte of the IPv4 header (TOS/DSCP field); & 0xfc drops the two ECN bits; == 0x10 is the legacy IPTOS_LOWDELAY marking that older OpenSSH put on interactive sessions |
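
What the last filter actually tests, written out in Python as an added example (not from the page above or from tcpdump itself): the function applies the same byte-offset check that `'ip[1] & 0xfc == 0x10' and port 22` performs, over constructed IPv4/TCP packets rather than captured traffic. The helper `build_ipv4_tcp` and the sample addresses are assumptions made for the demo.

```python
import struct

# Constructed test packets (not captured traffic): minimal IPv4 + TCP headers.
def build_ipv4_tcp(tos: int, sport: int, dport: int, payload: bytes = b"") -> bytes:
    """Build a minimal IPv4/TCP packet; checksums are left at zero (not checked here)."""
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45, tos, total_len, 0, 0, 64, 6, 0,
                         bytes([192, 168, 0, 16]), bytes([192, 168, 0, 1]))
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr + payload

def matches_filter(pkt: bytes) -> bool:
    """Python rendering of the tcpdump filter  'ip[1] & 0xfc == 0x10' and port 22 .

    ip[1]   second byte of the IPv4 header: the TOS/DSCP field
    & 0xfc  keep the six DSCP bits, discard the two ECN bits
    == 0x10 legacy IPTOS_LOWDELAY, which older OpenSSH set on interactive sessions
    port 22 source OR destination port 22 (TCP/UDP; SCTP omitted in this demo)
    """
    if len(pkt) < 20 or (pkt[0] >> 4) != 4:
        return False          # 'ip[...]' only ever matches IPv4
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes (options shift the ports)
    tos = pkt[1]
    proto = pkt[9]
    if proto not in (6, 17) or len(pkt) < ihl + 4:
        return False          # 'port' needs a transport header with port numbers
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (tos & 0xFC) == 0x10 and 22 in (sport, dport)

if __name__ == "__main__":
    for tos, sp, dp in ((0x10, 50000, 22), (0x12, 22, 50000), (0x00, 50000, 22), (0x10, 50000, 80)):
        print(f"tos=0x{tos:02x} {sp}->{dp}: {matches_filter(build_ipv4_tcp(tos, sp, dp))}")
```

Note that the TOS check, not the port, is what makes this filter selective: SSH traffic whose DSCP is set differently (newer OpenSSH defaults, or re-marking by a router) will not match.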
...