https://hackertarget.com/tcpdump-examples/
http://openmaniak.com/fr/tcpdump.php
Berkeley format on SSR: SSR packet capture pcap on Device interface and session capture
commands | | notes
---|---|---
List interfaces | sudo tcpdump -D |
DHCP traffic | sudo tcpdump -i eth1 -vvv port bootps |
DNS traffic | sudo tcpdump -vvv -s 0 -l -n port 53 |
TFTP (NOT working) | sudo tcpdump -i eth1 port tftp -vvv | port 69
FTP traffic | tcpdump -i eth0 "port ftp or port ftp-data" |
icmp / ping | tcpdump -i eth1 -n icmp |
multicast | | (no command recorded)
mpls or ipv6 | tcpdump -i eth1 -vvv mpls | or ipv6 in place of mpls
vlan | | (no command recorded)
Host traffic, source OR dest IP@ | sudo tcpdump -i ens33 port not 22 and host 192.168.0.16 | or hostname instead of the IP@
Exclude SSH session | sudo tcpdump -i eth2 port not 22 | append "and port not 53" to also exclude DNS
SSR IPC | sudo tcpdump -i ens3 port 930 and host 172.20.8.20 |
src and dst IP@ | tcpdump 'src 192.168.0.211 or dst 192.168.0.211' |
BGP | sudo tcpdump -i eth2 port 179 |
write / save to txt file | tcpdump -i virbr0 > virbr0_dhcp.txt | redirect the output
save to wireshark file / binary | tcpdump -i virbr0 -w virbr0_dhcp.pcap |
read a file | tcpdump -r traffic.pcap |
tcpdump on SSR | |
Any SSH traffic on any interface | sudo tcpdump -n -i any -v 'ip[1] & 0xfc == 0x10' and port 22 | ip[1] ??? (ip[1] is the second byte of the IPv4 header, the ToS byte: its upper 6 bits are DSCP, lower 2 bits ECN, so "& 0xfc == 0x10" keeps only packets whose DSCP is 4, whatever the ECN bits)
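Added example (not from the pages linked above): the last row filters on a raw header byte, and the rows before it save and read pcap files. The script below shows both mechanically, with no tcpdump or root needed. It builds a handful of constructed Ethernet/IPv4/TCP frames, writes them into an in-memory pcap file in the classic format tcpdump -w produces, reads the file back the way tcpdump -r would, and evaluates the equivalent of 'ip[1] & 0xfc == 0x10 and port 22' on each frame. The MAC and IP addresses and the DSCP values are made up for the demonstration.

```python
import struct

ETH_HDR_LEN = 14          # bytes before the IP header on an Ethernet capture
LINKTYPE_ETHERNET = 1     # pcap link type tcpdump writes for -i eth*/ens*


def build_frame(tos, src_port, dst_port, proto=6):
    """Construct a minimal Ethernet/IPv4/TCP frame (addresses are made up)."""
    eth = bytes(6) + b"\x11" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    l4 = struct.pack("!HHIIBBHHH", src_port, dst_port,  # TCP: ports, seq, ack,
                     0, 0, 0x50, 0x02, 0, 0, 0)          # data offset, flags(SYN), win, csum, urg
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, tos, 20 + len(l4),            # version/IHL, ToS, total length
                     0, 0, 64, proto, 0,                 # id, flags/frag, TTL, protocol, checksum
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + l4


def write_pcap(frames):
    """Serialise frames as a little-endian pcap file (what tcpdump -w writes)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Parse a pcap file (either byte order) into (linktype, [frame bytes])."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", data, 0)[6]
    frames, off = [], 24
    while off < len(data):
        _, _, incl_len, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        frames.append(data[off:off + incl_len])
        off += incl_len
    return linktype, frames


def ip_byte(frame, n):
    """tcpdump's ip[n]: byte n counted from the start of the IPv4 header."""
    return frame[ETH_HDR_LEN + n]


def matches_dscp4_port22(frame):
    """Equivalent of the BPF expression 'ip[1] & 0xfc == 0x10 and port 22'."""
    if frame[12:14] != b"\x08\x00":            # 'ip' qualifier: EtherType must be IPv4
        return False
    if ip_byte(frame, 1) & 0xFC != 0x10:       # mask off the 2 ECN bits, compare DSCP field
        return False
    ihl = (ip_byte(frame, 0) & 0x0F) * 4        # header length in bytes (handles IP options)
    if ip_byte(frame, 9) not in (6, 17):        # 'port' applies to TCP or UDP
        return False
    sport, dport = struct.unpack_from("!HH", frame, ETH_HDR_LEN + ihl)
    return 22 in (sport, dport)


def filter_pcap(data):
    """Return the indexes of frames in a pcap buffer that match the filter."""
    linktype, frames = read_pcap(data)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("example only decodes Ethernet captures")
    return [i for i, f in enumerate(frames) if matches_dscp4_port22(f)]


# Constructed sample capture: only frames 0 and 3 should survive the filter.
SAMPLE_PCAP = write_pcap([
    build_frame(tos=0x10, src_port=22, dst_port=40000),   # DSCP 4, SSH       -> match
    build_frame(tos=0x00, src_port=22, dst_port=40001),   # DSCP 0, SSH       -> no
    build_frame(tos=0x10, src_port=443, dst_port=40002),  # DSCP 4, HTTPS     -> no
    build_frame(tos=0x12, src_port=40003, dst_port=22),   # DSCP 4 + ECN bits -> match (mask)
    build_frame(tos=0x20, src_port=40004, dst_port=22),   # DSCP 8 (CS1)      -> no
])

if __name__ == "__main__":
    print("matching frame indexes:", filter_pcap(SAMPLE_PCAP))
```

Frame 3 is the instructive case: its ToS byte is 0x12, not 0x10, yet it matches because the & 0xfc mask discards the two ECN bits before the comparison. Without the mask, an ECN-marked SSH packet would slip past the filter. The same byte-offset reading applies to any ip[n] / tcp[n] expression in tcpdump.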
...