Kmaiti

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Wednesday, 12 January 2011

How to use tcpdump command to capture the network packet?

Posted on 21:30 by Unknown
1. Capture complete to tcp packets :


tcpdump -nnvXSs 1514 -c2 tcp


* host // look for traffic based on IP address (also works with hostname if you're not using -n)

# tcpdump host 1.2.3.4

* src, dst // find traffic from only a source or destination (eliminates one side of a host conversation)

# tcpdump src 2.3.4.5
# tcpdump dst 3.4.5.6

* net // capture an entire network using CIDR notation

# tcpdump net 1.2.3.0/24

* proto // works for tcp, udp, and icmp. Note that you don't have to type proto

# tcpdump icmp

* port // see only traffic to or from a certain port

# tcpdump port 3389
* src, dst port // filter based on the source or destination port

# tcpdump src port 1025
# tcpdump dst port 389

* src/dst, port, protocol // combine all three

# tcpdump src port 1025 and tcp
# tcpdump udp and src port 53

* Port Ranges // see traffic to any port in a range
tcpdump portrange 21-23

* Packet Size Filter // only see packets below or above a certain size (in bytes)
tcpdump less 32
tcpdump greater 128

[ You can use the symbols for less than, greater than, and less than or equal / greater than or equal signs as well. ]
// filtering for size using symbols
tcpdump > 32
tcpdump <= 128

Capture all Port 80 Traffic to a File

# tcpdump -s 1514 port 80 -w capture_file

Much important * :
--------------
Then, at some point in the future, you can then read the traffic back in like so:

Read Captured Traffic back into tcpdump

# tcpdump -r capture_file
-------------

Logical expression :
1. AND
and or &&
2. OR
or or ||
3. EXCEPT
not or !

TCP traffic from 10.5.2.3 destined for port 3389:

# tcpdump -nnvvS tcp and src 10.5.2.3 and dst port 3389

Traffic originating from the 192.168 network headed for the 10 or 172.16 networks:

# tcpdump -nvX src net 192.168.0.0/16 and dst net
10.0.0.0/8 or 172.16.0.0/16

Non-ICMP traffic destined for 192.168.0.2 from the 172.16 network:

# tcpdump -nvvXSs 1514 dst 192.168.0.2 and src net
172.16.0.0/16 and not icmp

Traffic originating from Mars or Pluto that isn't to the SSH port: // requires name resolution

# tcpdump -vv src mars or pluto and not dst port 22
=========

PS: Made it more available in the internet.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • NDMP communication failure error
    Guys, Issue : Netbackup server sends alert NDMP communication failure once everyday. But there is no issue to run scheduled backup jobs. Env...
  • How to store sftp log messages in custom file on RHEL 6?
    How to setup chrooted sftp account on RHEL 6? $groupadd sftponly $$useradd user123 $usermod -d /myhome -g sftponly -s /bin/false user123 $mk...
  • How to make bridge over VLAN?
    How to make bridge over VLAN? Bridging over VLAN's : By constructing a bridge between a "normal" and a "VLAN" ethern...
  • unable connect to socket: No route to host (113)
    Guys, This error message usually comes when you try to access remote linux desktop using vncviewer. Please check the firewall in the linux s...
  • How to install pdo_mysql module with php on 64 bit linux machine?
    Guys, The PHP Data Objects (PDO) extension defines a lightweight, consistent interface for accessing databases in PHP. Each database driver ...
  • Directory lookup for the file "C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\HTMLPDF.mdf" failed with the operating system error 3
    Guys, I got this error when I was restoring one database on mssql 2005(win 2003). I have tried to override the DB but still got the error me...
  • How to limit CPU ususage for a process?
    Here are the steps those I followed : Install cpulimit binary:- Type the following commands to install latest stable release: # cd /tmp # wg...
  • Cannot find config.m4 + phpize +Resolved
    Guys, I got the same error messages and sorted out it. Here is the error that I got. ===== root@server [/home/cpeasyapache/src/php-5.2.9/ext...
  • What is Fibre Channel?
    What is Fibre Channel? Fibre Channel (FC) is a transport protocol commonly used in storage networks. A common misunderstanding is that FC an...
  • configure: error: could not find library containing RSA_new
    Guys, It seems you have enabled the SSL option during configuring the package. Please either resolve that dependency or disable the SSL opti...

Categories

  • ACL
  • ESX
  • Linux
  • Storage
  • UCS

Blog Archive

  • ►  2013 (5)
    • ►  May (1)
    • ►  April (3)
    • ►  February (1)
  • ►  2012 (10)
    • ►  July (1)
    • ►  June (1)
    • ►  April (1)
    • ►  March (3)
    • ►  February (3)
    • ►  January (1)
  • ▼  2011 (86)
    • ►  December (3)
    • ►  November (2)
    • ►  September (19)
    • ►  August (9)
    • ►  July (5)
    • ►  June (9)
    • ►  May (12)
    • ►  April (3)
    • ►  March (4)
    • ►  February (5)
    • ▼  January (15)
      • "Virtual Memory is NOT Virtual"...kamal maiti
      • How to allow secure mail SMTP ports at the firewall?
      • How to check the network driver on the linux machine?
      • How to increase the size of virtual memory on linux?
      • How to use tcpdump command to capture the network ...
      • First assembly programme on 64bit linux machine??
      • How to create shared object file on linux ?
      • How kernel invokes system call function on linux ?
      • How to install video player(real player) on linux ...
      • How to install mplayer on linux machine?
      • configure: error: could not find library containin...
      • How to install subversion (svn) on linux ?
      • How to install ksar on linux machine?
      • How to configure tata photon + on linux machine + ...
      • ATDT#777 ERROR --> Invalid dial command
  • ►  2010 (152)
    • ►  December (9)
    • ►  November (34)
    • ►  October (20)
    • ►  September (14)
    • ►  August (24)
    • ►  July (19)
    • ►  June (3)
    • ►  May (25)
    • ►  April (3)
    • ►  January (1)
Powered by Blogger.