https://hackertarget.com/tcpdump-examples/
http://openmaniak.com/fr/tcpdump.php
Berkeley (BPF) filter format on SSR: SSR packet capture (pcap) on a device interface, and session capture
| Purpose | Command | Notes |
|---|---|---|
| List interfaces | `sudo tcpdump -D` | |
| DHCP traffic | `sudo tcpdump -i eth1 -vvv port bootps` | |
| DNS traffic | `sudo tcpdump -vvv -s 0 -l -n port 53` | |
| TFTP | `sudo tcpdump -i eth1 -vvv port tftp` | Marked "NOT Working" in the original, where the interface and filter were run together (`eth1port`, `-vvvport`). Only the initial request goes to port 69; the server answers from an ephemeral port and the rest of the transfer stays off port 69, so this filter alone shows just the first packet. |
| FTP traffic | `tcpdump -i eth0 "port ftp or port ftp-data"` | |
| ICMP / ping | `tcpdump -i eth1 -n icmp` | |
| Multicast | | |
| MPLS or IPv6 | `sudo tcpdump -i eth1 -vvv mpls` (or `ipv6`) | |
| VLAN | | |
| Host traffic, source OR destination IP | `sudo tcpdump -i ens33 port not 22 and host 192.168.0.16` | `host` also accepts a hostname |
| SSR IPC | `sudo tcpdump -i ens3 port 930 and host 172.20.8.20` | |
| Exclude SSH session | `sudo tcpdump -i eth2 port not 22` | append `and port not 53` to drop DNS as well |
| Source or destination IP | `tcpdump 'src 192.168.0.211 or dst 192.168.0.211'` | same as `host 192.168.0.211` |
| BGP | `sudo tcpdump -i eth2 port 179` | |
| Write / save to text file | `tcpdump -i virbr0 > virbr0_dhcp.txt` | redirects the decoded output |
| Save to Wireshark file / binary | `tcpdump -i virbr0 -w virbr0_dhcp.pcap` | |
| Read a file | `tcpdump -r traffic.pcap` | |
| tcpdump on SSR | | |
| Any SSH traffic on any interface | `sudo tcpdump -n -i any -v 'ip[1] & 0xfc == 0x10' and port 22` | `ip[1]` is the second byte of the IPv4 header (the ToS/DSCP+ECN byte); `& 0xfc` masks off the two ECN bits, so this matches ToS 0x10 (IPTOS_LOWDELAY), which older OpenSSH sets on interactive sessions. Plain `port 22` catches all SSH regardless of the ToS value. |
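To make the `ip[1]` row concrete, here is an added Python example (not from the original notes or from the referenced sites) that evaluates the same test as `'ip[1] & 0xfc == 0x10' and port 22` over raw IPv4 packet bytes; the packets, addresses and ports are constructed for the example.

```python
"""Re-implement tcpdump's 'ip[1] & 0xfc == 0x10 and port 22' in plain Python,
so the byte offsets in the filter are visible. Packets below are constructed."""
import struct

IPTOS_LOWDELAY = 0x10  # legacy ToS "minimize delay" bit (DSCP field, ECN bits clear)


def build_ipv4_tcp(tos: int, sport: int, dport: int) -> bytes:
    """Construct a minimal IPv4 header (no options) followed by a bare TCP header.
    Addresses 10.0.0.1 -> 10.0.0.2 are made up; checksums are left as zero."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s",
                         0x45,          # version 4, IHL 5 (20-byte header)
                         tos,           # this is the byte tcpdump calls ip[1]
                         40,            # total length: 20 IP + 20 TCP
                         0, 0,          # identification, flags/fragment offset
                         64, 6,         # TTL, protocol 6 = TCP
                         0,             # header checksum (ignored here)
                         b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 65535, 0, 0)
    return ip_hdr + tcp_hdr


def matches_lowdelay_ssh(pkt: bytes) -> bool:
    """Same predicate as 'ip[1] & 0xfc == 0x10 and port 22':
    - ip[1] is the ToS/DSCP byte; & 0xfc drops the two ECN bits;
    - 'port 22' means TCP or UDP, source or destination port 22, and tcpdump
      only inspects ports on the first fragment (fragment offset == 0)."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:      # not IPv4
        return False
    tos = pkt[1]
    ihl = (pkt[0] & 0x0F) * 4                   # header length in bytes
    proto = pkt[9]
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    if proto not in (6, 17) or frag_offset != 0 or len(pkt) < ihl + 4:
        return False
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    return (tos & 0xFC) == IPTOS_LOWDELAY and 22 in (sport, dport)
```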
...