mirror of
https://gitea.com/mcereda/oam.git
synced 2026-02-09 05:44:23 +00:00
# tcpdump

## Table of contents <!-- omit in toc -->

1. [TL;DR](#tldr)
1. [Sources](#sources)

## TL;DR

```sh
# Get all packets in and out of an interface.
tcpdump -i 'eth0'

# Get all packets to or from a host.
tcpdump host '1.1.1.1'

# Get all packets from a source or for a destination.
tcpdump src '1.1.1.1'
tcpdump dst '1.0.0.1'

# Get all packets to or from a network.
tcpdump net '1.2.3.0/24'

# Get packets to or from ports.
tcpdump port '3389'
tcpdump portrange '21-23'

# Get packets of a protocol.
tcpdump icmp

# Get packets based on their size.
# 'less N' is shorthand for 'len <= N' and 'greater N' for 'len >= N'.
# Other comparisons use 'len' explicitly and must be quoted, or the shell
# treats '<=' as a redirection.
tcpdump less '32'
tcpdump greater '64'
tcpdump 'len <= 128'

# Combine filters.
# Parentheses must be escaped, or the whole filter quoted.
# 'and' binds tighter than 'or'; group with parentheses when in doubt.
tcpdump src port '1025'
tcpdump -nnvvS src '10.5.2.3' and dst port '3389'
tcpdump -nX src net '192.168.0.0/16' and dst net '10.0.0.0/8' or '172.16.0.0/16'
tcpdump dst '192.168.0.2' and src net '10.0.0.0/8' and not icmp  # '10.0.0.0/8' is a placeholder source network
tcpdump -vv src 'mars' and not dst port '22'
tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'

# Save results to a file.
# Options go before the filter expression.
tcpdump -w 'path/to/capture.file' port '80'

# Read packets from a file.
tcpdump -r 'path/to/capture.file'

# Isolate TCP flags.
# '==' matches only packets with exactly that flag set (a FIN+ACK is not matched);
# use 'tcp[tcpflags] & tcp-fin != 0' to match FIN regardless of other flags.
tcpdump 'tcp[tcpflags] == tcp-fin'

# Capture and show Wake-on-Lan magic packets.
sudo tcpdump -nXxei any ether proto 0x0842 or udp port 9
```
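As an added illustration (not part of the original cheat sheet), the following shows what the `tcp[tcpflags] == tcp-fin` filter actually reads, the flags byte at offset 13 of the TCP header, and why a FIN+ACK segment slips past `==` but is caught by the `& tcp-fin != 0` form. The Ethernet/IPv4/TCP frames are constructed inline for the demonstration.

```python
import struct

# Flag bit values as tcpdump names them (tcp-fin, tcp-syn, ...), from pcap-filter(7).
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
ETH_HDR_LEN = 14


def tcp_flags(frame: bytes) -> int:
    """Return the TCP flags byte of an Ethernet/IPv4/TCP frame, i.e. what the
    BPF expression tcp[tcpflags] (an alias for tcp[13]) evaluates to."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not IPv4")
    ihl = (frame[ETH_HDR_LEN] & 0x0F) * 4        # IPv4 header length in bytes
    if frame[ETH_HDR_LEN + 9] != 6:               # IPv4 protocol field: 6 = TCP
        raise ValueError("not TCP")
    return frame[ETH_HDR_LEN + ihl + 13]          # tcp[13], relative to the TCP header


def matches_exact_fin(frame: bytes) -> bool:
    """Equivalent of tcpdump 'tcp[tcpflags] == tcp-fin': FIN and nothing else."""
    return tcp_flags(frame) == TCP_FIN


def matches_any_fin(frame: bytes) -> bool:
    """Equivalent of tcpdump 'tcp[tcpflags] & tcp-fin != 0': FIN set, other flags ignored."""
    return tcp_flags(frame) & TCP_FIN != 0


def build_frame(flags: int) -> bytes:
    """Constructed sample: minimal Ethernet + IPv4 (20 B) + TCP (20 B) frame with the given flags."""
    eth = b"\x00" * 12 + b"\x08\x00"              # zero MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 2, 4]), bytes([192, 168, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 3389, 0, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp


if __name__ == "__main__":
    for name, flags in (("FIN", TCP_FIN), ("FIN+ACK", TCP_FIN | TCP_ACK), ("SYN+ACK", TCP_SYN | TCP_ACK)):
        frame = build_frame(flags)
        print(f"{name:8} == tcp-fin: {matches_exact_fin(frame)!s:5}  & tcp-fin != 0: {matches_any_fin(frame)}")
```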

## Sources

- [A tcpdump tutorial with examples — 50 ways to isolate traffic]

<!--
References
-->

<!-- Others -->
[a tcpdump tutorial with examples — 50 ways to isolate traffic]: https://danielmiessler.com/study/tcpdump/