Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


https://hackertarget.com/tcpdump-examples/

http://openmaniak.com/fr/tcpdump.php


Berkeley format on SSR:   SSR packet capture pcap on Device interface and session capture


sudo  tcpdump  eth2 port not 22 

commands

List Interfaces:

sudo tcpdump -D


DHCP traffic:   

sudo tcpdump -i eth1 -vvv port bootps


DNS traffic: 

sudo tcpdump -vvv -s 0 -l -n port 53


TFTP

: NOT Working

:

 

sudo tcpdump -i eth1 port

tftp -vvv

69


FTP traffic

tcpdump -i eth0 "port ftp or port ftp-data"


icmp / ping tcpdump -i eth1-n icmp
multicast
tcpdump -i eth1 -vv net 224.0.0.0/4

mpls or ipv6tcpdump -i eth1 -vvv mpls  ( or ipv6 ) 
vlan
tcpdump -i eth1 -nn -e  vlan




Host traffic, source OR dest IP@:

sudo   tcpdump -i ens33 port not 22 and host 192.168.0.16

or hostname

Exclude SSH session:


sudo tcpdump -i

"and port not 53"

FTP traffic

tcpdump -i eth0 "port ftp or port ftp-data"

ens3 port 930 and host 172.20.8.20SSR IPC

src and dst IP@

tcpdump 'src 192.168.0.211 or dst 192.168.0.211'





Exclude SSH session:

sudo  tcpdump 

icmp / ping tcpdump -i eth1-n icmp

-i eth2 port not 22 

"and port not 53"

BGP

sudo  tcpdump -i eth2 port 179


write / save to txt file tcpdump -i virbr0  >  virbr0_dhcp.txtredirect the output
save to wireshark file / binarytcpdump -i virbr0 -w virbr0_dhcp.pcap
read a file
tcpdump -r traffic.pcap




tcpdump on SSR

Any SSH traffic on any interface
sudo tcpdump -n -i any -v 'ip[1] & 0xfc == 0x10' and port 22
ip[1]??? 



...