How To Capture Packets with TCPDUMP?
2014-11-01 22:01
281 views
http://linux-circles.blogspot.com/2012/11/how-to-capture-packets-with-tcpdump.html
See the list of interfaces on which tcpdump can listen
# /usr/sbin/tcpdump -D
Listen on any available interface
# /usr/sbin/tcpdump -i any
Verbose Mode
# /usr/sbin/tcpdump -v
# /usr/sbin/tcpdump -vv
# /usr/sbin/tcpdump -vvv
# /usr/sbin/tcpdump -q
Limit the capture to a number of packets N
# /usr/sbin/tcpdump -c N
Display IP addresses and port numbers when capturing packets
# /usr/sbin/tcpdump -n
Capture any packets where the destination host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst host 192.168.0.1
Capture any packets where the source host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n src host 192.168.0.1
Capture any packets where the source or destination host is 192.168.0.1, display IP addresses and port numbers
# /usr/sbin/tcpdump -n host 192.168.0.1
Capture any packets where the destination network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst net 192.168.10.0/24
Capture any packets where the source network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n src net 192.168.10.0/24
Capture any packets where the source or destination network is 192.168.10.0/24, display IP addresses and port numbers
# /usr/sbin/tcpdump -n net 192.168.10.0/24
Capture any packets where the destination port is 23, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst port 23
Capture any packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n dst portrange 1-1023
Capture only TCP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n tcp dst portrange 1-1023
Capture only UDP packets where the destination port is between 1 and 1023 inclusive, display IP addresses and port numbers
# /usr/sbin/tcpdump -n udp dst portrange 1-1023
Capture any packets with destination IP 192.168.0.1 and destination port 23, display IP addresses and port numbers
# /usr/sbin/tcpdump -n "dst host 192.168.0.1 and dst port 23"
Capture any packets with destination IP 192.168.0.1 and destination port 80 or 443, display IP addresses and port numbers
# /usr/sbin/tcpdump -n "dst host 192.168.0.1 and (dst port 80 or dst port 443)"
Capture any ICMP packets
# /usr/sbin/tcpdump -v icmp
Capture any ARP packets
# /usr/sbin/tcpdump -v arp
Capture either ICMP or ARP packets
# /usr/sbin/tcpdump -v "icmp or arp"
Capture any packets that are broadcast or multicast
# /usr/sbin/tcpdump -n "broadcast or multicast"
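The filters above are easy to get wrong when typed by hand (a missing pair of parentheses turns "dst host X and dst port 80 or dst port 443" into a match on any port 443 traffic). The following POSIX sh script is an added example, not part of the original cheat sheet, and its function names (valid_port, build_dst_filter, capture_cmd, run_capture) are our own. It builds the "dst host X and (dst port A or dst port B)" filter from validated arguments, and wraps the capture with the flags a defender normally wants on an unattended box: -nn (no name lookups), -s 0 (full packets) and -c (a hard packet limit):

```shell
#!/bin/sh
# Added example (not from the original cheat sheet): compose tcpdump
# filters and command lines from validated host/port arguments.
# Function names below are our own; only the tcpdump flags are real.

# Accept only a plain decimal port number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_dst_filter HOST [PORT...]
# Prints:  dst host HOST and (dst port P1 or dst port P2 ...)
# The host is restricted to hostname/IP characters so nothing
# like " or host 10.0.0.1" can be smuggled into the filter string.
build_dst_filter() {
    [ $# -ge 1 ] || { echo "build_dst_filter: host required" >&2; return 1; }
    host="$1"; shift
    case "$host" in
        ''|*[!A-Za-z0-9._:-]*) echo "build_dst_filter: bad host '$host'" >&2; return 1 ;;
    esac
    ports=""
    for p in "$@"; do
        valid_port "$p" || { echo "build_dst_filter: bad port '$p'" >&2; return 1; }
        if [ -z "$ports" ]; then ports="dst port $p"; else ports="$ports or dst port $p"; fi
    done
    if [ -z "$ports" ]; then
        printf 'dst host %s\n' "$host"
    else
        # Parentheses keep the "or" list bound tighter than the "and".
        printf 'dst host %s and (%s)\n' "$host" "$ports"
    fi
}

# capture_cmd IFACE OUTFILE COUNT FILTER
# Prints the command line that run_capture would execute, for logging
# or review before a capture is started on a production host.
capture_cmd() {
    valid_port "$3" || { echo "capture_cmd: COUNT must be a positive integer" >&2; return 1; }
    printf "/usr/sbin/tcpdump -nn -s 0 -i %s -c %s -w %s '%s'\n" "$1" "$3" "$2" "$4"
}

# run_capture IFACE OUTFILE COUNT FILTER
# Executes tcpdump directly with the arguments (no eval of a built
# string), so the filter reaches tcpdump as a single argument.
run_capture() {
    valid_port "$3" || return 1
    /usr/sbin/tcpdump -nn -s 0 -i "$1" -c "$3" -w "$2" "$4"
}

# Stand-alone demo: show the filter and the command that would be run.
# (run_capture itself is not called here; it needs an interface and root.)
f=$(build_dst_filter 192.168.0.1 80 443)
echo "filter:  $f"
echo "command: $(capture_cmd eth0 data.pcap 100 "$f")"
```

The -c limit matters on a busy interface: -s 0 captures full frames, so an unbounded capture can fill a disk quickly. Run the printed command, or run_capture, with the same privileges as any other capture on the host.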
Capture 500 bytes of data for each packet rather than the default of 68 bytes
# /usr/sbin/tcpdump -s 500
Capture all bytes of data within the packet
# /usr/sbin/tcpdump -s 0
Monitor all packets on eth1 interface
# /usr/sbin/tcpdump -i eth1
Monitor all traffic on port 80 (HTTP)
# /usr/sbin/tcpdump -i eth0 'port 80'
Monitor all traffic on port 25 (SMTP)
# /usr/sbin/tcpdump -vv -x -X -s 1500 -i eth0 'port 25'
Capture only N packets using tcpdump -c (here N = 2)
# /usr/sbin/tcpdump -c 2 -i eth0
Display Captured Packets in ASCII using tcpdump -A
# /usr/sbin/tcpdump -A -i eth0
Display Captured Packets in HEX and ASCII using tcpdump -XX
# /usr/sbin/tcpdump -XX -i eth0
Capture the packets and write into a file using tcpdump -w
# /usr/sbin/tcpdump -w data.pcap -i eth0
(.pcap is the usual extension for the capture file)
Reading the packets from a saved file using tcpdump -r
# /usr/sbin/tcpdump -tttt -r data.pcap
Capture packets showing numeric IP addresses (no name resolution) using tcpdump -n
# /usr/sbin/tcpdump -n -i eth0
Capture packets with a human-readable timestamp using tcpdump -tttt
# /usr/sbin/tcpdump -n -tttt -i eth0
Capture packets longer than N bytes and write them to a file (here N = 1024)
# /usr/sbin/tcpdump -w data.pcap greater 1024
Capture packets shorter than N bytes and write them to a file (here N = 1024)
# /usr/sbin/tcpdump -w data1024.pcap less 1024
Receive only the packets of a specific protocol type
# /usr/sbin/tcpdump -i eth0 arp
Capture the traffic flowing on a particular port using the tcpdump port filter
# /usr/sbin/tcpdump -i eth0 port 22
Capture packets for particular destination IP and Port
# /usr/sbin/tcpdump -w data.pcap -i eth0 dst 10.181.140.216 and port 22
Capture TCP communication packets between two hosts
# /usr/sbin/tcpdump -w data.pcap -i eth0 dst 16.181.170.246 and port 22
Tcpdump filter packets: capture all packets other than ARP and RARP
# /usr/sbin/tcpdump -i eth0 not arp and not rarp
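Once a capture has been written with -w and read back with "tcpdump -n -tttt -r data.pcap", the text output is regular enough to summarise with awk. The script below is an added example, not part of the original cheat sheet; the function names (summarize_dst, syn_only_dst) are our own and the sample lines are constructed to look like tcpdump's -n -tttt output. It counts packets and bare SYNs per destination host:port, skips non-IP lines such as ARP, handles ICMP lines that carry no port, and flags destinations that only ever saw SYNs, which is what repeated connection attempts against a closed or filtered port look like in a capture:

```shell
#!/bin/sh
# Added example (not from the original cheat sheet): summarise the text
# output of "tcpdump -n -tttt -r data.pcap". Function names are our own.
# Assumes IPv4 lines of the form
#   DATE TIME IP SRC.SPORT > DST.DPORT: Flags [S], ...
# IPv6 ("IP6") lines are not handled here.

# Constructed sample of what "tcpdump -n -tttt -r data.pcap" prints.
SAMPLE=$(cat <<'EOF'
2014-11-01 22:01:05.000001 IP 192.168.0.5.51234 > 192.168.0.1.23: Flags [S], seq 1, win 29200, length 0
2014-11-01 22:01:05.000002 IP 192.168.0.5.51235 > 192.168.0.1.23: Flags [S], seq 2, win 29200, length 0
2014-11-01 22:01:05.000003 IP 192.168.0.5.51236 > 192.168.0.1.23: Flags [S], seq 3, win 29200, length 0
2014-11-01 22:01:06.000004 IP 192.168.0.5.51237 > 192.168.0.1.80: Flags [S], seq 4, win 29200, length 0
2014-11-01 22:01:06.000005 IP 192.168.0.1.80 > 192.168.0.5.51237: Flags [S.], seq 9, ack 5, win 28960, length 0
2014-11-01 22:01:06.000006 IP 192.168.0.5.51237 > 192.168.0.1.80: Flags [.], ack 10, win 229, length 0
2014-11-01 22:01:07.000007 IP 192.168.0.5 > 192.168.0.1: ICMP echo request, id 7, seq 1, length 64
2014-11-01 22:01:07.000008 ARP, Request who-has 192.168.0.1 tell 192.168.0.5, length 28
EOF
)

# summarize_dst: reads tcpdump text on stdin, prints one line per
# destination:  PACKETS SYNS HOST:PORT  (port "-" when there is none),
# most packets first, ties ordered by host:port.
summarize_dst() {
    awk '
        $3 == "IP" && $5 == ">" {
            dst = $6; sub(/:$/, "", dst)          # drop the trailing colon
            n = split(dst, a, ".")                # 5 parts = host + port
            port = (n == 5) ? a[5] : "-"
            key = a[1] "." a[2] "." a[3] "." a[4] ":" port
            pkts[key]++
            # "[S]," is a bare SYN; "[S.]," (SYN-ACK) is not counted.
            syn[key] += ($7 == "Flags" && $8 == "[S],") ? 1 : 0
        }
        END { for (k in pkts) printf "%d %d %s\n", pkts[k], syn[k], k }
    ' | LC_ALL=C sort -k1,1nr -k3,3
}

# syn_only_dst THRESHOLD: reads summarize_dst output, prints host:port
# entries with at least THRESHOLD packets where every packet was a SYN.
syn_only_dst() {
    awk -v t="$1" '$1 >= t && $1 == $2 { print $3 }'
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE" | summarize_dst
echo "syn-only destinations (>= 3 packets):"
printf '%s\n' "$SAMPLE" | summarize_dst | syn_only_dst 3
```

To apply it to a real file, replace the sample with "/usr/sbin/tcpdump -n -tttt -r data.pcap | summarize_dst"; the -n is required, since resolved hostnames would not split on dots the way numeric addresses do.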