The usage of tcpdump is tcpdump followed by any of the options below:
-i any : Listen on all interfaces just to see if you're seeing any traffic.
-n : Don't resolve hostnames.
-nn : Don't resolve hostnames or port names.
-X : Show the packet's contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Only capture x number of packets and then stop, e.g. 'tcpdump -c 3'.
-S : Print absolute sequence numbers.
-e : Get the ethernet header as well.
-q : Show less protocol information.
-E : Decrypt IPsec traffic by providing the encryption key.
-s : Set the snapshot length (snaplen), i.e. the number of bytes captured from each packet.
It's also important to note that tcpdump only takes the first 96 bytes of data from a packet by default. If you would like to look at more, add the -s number option to the mix, where number is the number of bytes you want to capture.
If you are looking for something specific, you can use the following filter expressions as well:
tcpdump host 1.2.1.2 (captures packets to or from the given host)
tcpdump src 10.12.32.13 (captures all packets from the given source)
tcpdump dst 23.43.23.23 (captures packets to the given destination)
Suppose you want to capture only specific packets, say only ICMP packets, or only a range of ports:
tcpdump icmp
tcpdump portrange 23-34
You can use 'and' to combine multiple conditions:
tcpdump src port 23 and tcp
Some other useful options:
tcpdump less 32 (packets of 32 bytes or smaller)
tcpdump greater 128 (packets of 128 bytes or larger)
You can also save the packets that tcpdump collected to a file, and read them back later, using
-w file (write the captured packets to a file)
-r file (read packets from a file instead of a live interface)
If you want to analyze only IPv6 traffic, use
tcpdump ipv6
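The filter expressions above are easy to get subtly wrong (for example, 'port 23' matches either direction while 'src port 23' does not). The following added example, which is not part of the original post, is a toy evaluator for exactly the primitives listed on this page, run over constructed packet records rather than a real capture, so you can check what each expression would match without root or a network interface.

```python
"""Toy evaluator for the tcpdump filter primitives listed on this page.

Added example, not the original post's code: it does not read pcap data.
Packets are constructed dictionaries; only the primitives shown above are
supported (host, src, dst, port, portrange, icmp/tcp/udp, ipv6, less,
greater, joined with 'and'), so the matching rules can be checked offline.
"""

# Constructed sample packets (not from a real capture).
PACKETS = [
    {"proto": "icmp", "src": "1.2.1.2", "dst": "10.12.32.13", "sport": None, "dport": None, "len": 28},
    {"proto": "tcp", "src": "10.12.32.13", "dst": "23.43.23.23", "sport": 23, "dport": 51000, "len": 60},
    {"proto": "tcp", "src": "23.43.23.23", "dst": "10.12.32.13", "sport": 51000, "dport": 23, "len": 150},
    {"proto": "udp", "src": "10.12.32.13", "dst": "1.2.1.2", "sport": 30, "dport": 53, "len": 90},
    {"proto": "tcp", "src": "2001:db8::1", "dst": "2001:db8::2", "sport": 443, "dport": 40000, "len": 1200},
]

def match_term(term, pkt):
    """Evaluate one primitive (no 'and') against a packet record."""
    t = term.split()
    if t[0] in ("icmp", "tcp", "udp"):
        return pkt["proto"] == t[0]
    if t[0] == "ipv6":                      # IPv6 addresses contain ':'
        return ":" in pkt["src"]
    if t[0] == "host":                      # either endpoint
        return t[1] in (pkt["src"], pkt["dst"])
    if t[0] in ("src", "dst") and len(t) == 2:
        return pkt[t[0]] == t[1]
    if t[0] == "port":                      # either port
        return int(t[1]) in (pkt["sport"], pkt["dport"])
    if t[0] in ("src", "dst") and t[1] == "port":
        return pkt["sport" if t[0] == "src" else "dport"] == int(t[2])
    if t[0] == "portrange":
        lo, hi = (int(x) for x in t[1].split("-"))
        return any(p is not None and lo <= p <= hi for p in (pkt["sport"], pkt["dport"]))
    if t[0] == "less":                      # pcap-filter(7): inclusive (<=)
        return pkt["len"] <= int(t[1])
    if t[0] == "greater":                   # inclusive (>=)
        return pkt["len"] >= int(t[1])
    raise ValueError("unsupported primitive: " + term)

def matching(expr, packets=PACKETS):
    """Return indices of packets matching every 'and'-joined term."""
    terms = [x.strip() for x in expr.split(" and ")]
    return [i for i, p in enumerate(packets) if all(match_term(x, p) for x in terms)]

if __name__ == "__main__":
    for f in ["host 1.2.1.2", "src port 23 and tcp", "portrange 23-34", "less 32", "greater 128"]:
        print(f"{f!r:28} -> packets {matching(f)}")
```

Note that real tcpdump treats 'less' and 'greater' as inclusive comparisons, which the evaluator mirrors; 'or' and 'not' are deliberately left out to keep the example short.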