Difference between revisions of "Tcpdump howto"

From thelinuxwiki
Jump to: navigation, search
(Pushed from Themanclub.)
 
Line 16: Line 16:
 
== filtering for specific sources and destinations ==
 
== filtering for specific sources and destinations ==
 
   tcpdump -nnei eth1-01 '((host 192.168.1.1 and host 172.16.0.1) or (host 10.0.0.1 and host 172.16.0.1))'
 
   tcpdump -nnei eth1-01 '((host 192.168.1.1 and host 172.16.0.1) or (host 10.0.0.1 and host 172.16.0.1))'
 +
 +
 +
== gentoo output file ==
 +
default location /var/lib/tcpdump/
  
  
 
[[Category:Linux]]
 
[[Category:Linux]]

Revision as of 18:30, 24 July 2013

Changing packet size in the capture file:

By default, when capturing packets into a file, it will save only 68 bytes of the data from each packet. The -s command line switch tells tcpdump how many bytes for each packet to save. Specifying 0 as a packet’s snapshot length tells tcpdump to save whole packet.

example: tcpdump -w file.cap -s 0


UNIX tcpdump 3.9.4(Freebsd, ipso)


Showing link level headers (MAC addresses) 

 tcpdump -e -i ethxxx


filtering for specific sources and destinations 

 tcpdump -nnei eth1-01 '((host 192.168.1.1 and host 172.16.0.1) or (host 10.0.0.1 and host 172.16.0.1))'


gentoo output file 

default location /var/lib/tcpdump/
Retrieved from "http://www.thelinuxwiki.com/index.php?title=Tcpdump_howto&oldid=452"