Generic Commands Tcpdump

Tcpdump is a command line tool used to monitor and capture live network traffic. It can be used to check traffic received by a firewall from a specific IP address, filter traffic by network interface and port, write captured traffic to a pcap file, and capture only SYN packets for fingerprinting using filters. Options include specifying an interface, packet size, output file, number of packets to capture, and time limit.

Uploaded by

marco

# generic commands tcpdump

# tcpdump check live network traffic

tcpdump #to monitor packet flow passing through a network interface

tcpdump -i <interface> -s 65535 -w <file> #capture full-size packets to <file>, which can then be opened with wireshark

#samples

tcpdump -nvvi any host 172.16.16.17 #to check traffic received by the firewall from the .17 ip address

tcpdump -i eth1 host 192.168.1.25 and port 80 #to filter also by network interface

tcpdump -nei any host 192.168.1.25 and port 80

tcpdump port 6677 #to check the traffic flow on the specified port

tcpdump -D #to list all available interfaces on which you are able to sniff traffic

tcpdump -nn port 80 -s0 -w /log/capture.pcap -b #to write the pcap file - advanced shell command

nohup tcpdump -veni any -As0 -w /var/storage/authfail.pcap -C 100 -W 10 & #ring-buffered tcpdump: rotate the file every 100 MB and keep at most 10 files, run in the background

nohup tcpdump -veni any -As0 -xX -bw /tmp/capture.pcap -W50 -C 10 & #background ring buffer: 50 files of 10 MB each

tcpdump -i any -w /persist/tmp/filename.tcpdump

tcpdump -i <interface> -s 0 -C 100 -W 5 -w /persist/tmp/[filename.tcpdump]

tcpdump -i any -s 0 -C 100 -W 5 -w /persist/tmp/[filename.tcpdump]

tcpdump -w file.pcap src <srcIP> and dst <dstIP> #options go before the filter expression

tcpdump ether host e8:2a:ea:44:55:66 #to filter by mac address

# to check dropped packets

drppkt -i any host 165.206.191.83 and port 8080

# FINGERPRINTING - Capture syn packets

tcpdump -i eth0 -s0 'tcp[tcpflags] & tcp-syn != 0 and host 10.99.116.79 and port 8080' -w /persist/tmp/tcpdump.pcap

# FINGERPRINTING - Wireshark filter (if have a complete capture)

tcp.flags.syn==1 && tcp.flags.ack==0 && ip.src==10.12.0.137
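The two fingerprinting filters above do not select the same packets: the tcpdump expression keeps every segment with the SYN bit set, so the server's SYN-ACK replies are included, while the Wireshark filter keeps only client-side SYNs from one source. The following Python script is an added example, not part of the original cheat sheet; it builds a small constructed pcap (every address, port and MAC in it is a placeholder) and applies both selections to it with a minimal libpcap/Ethernet/IPv4/TCP parser.

```python
import struct

SYN, ACK = 0x02, 0x10                      # TCP flag bits (tcp-syn, tcp-ack in BPF)

def _ip(s):
    return bytes(int(o) for o in s.split("."))

def build_frame(src, dst, sport, dport, flags):
    """Ethernet/IPv4/TCP frame carrying only the fields the filters look at."""
    eth = b"\x00" * 6 + b"\x11" * 6 + b"\x08\x00"          # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    ipv4 = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, _ip(src), _ip(dst))
    return eth + ipv4 + tcp

def build_pcap(frames):
    """Little-endian libpcap file, link type 1 (Ethernet), the layout tcpdump -w writes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def tcp_records(pcap):
    """Yield (src_ip, tcp_flags) for every IPv4/TCP frame in the capture."""
    endian = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    off = 24                                                  # skip the global header
    while off + 16 <= len(pcap):
        incl = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl]
        off += 16 + incl
        if frame[12:14] != b"\x08\x00" or frame[23] != 6:    # not IPv4, or not TCP
            continue
        ihl = (frame[14] & 0x0F) * 4
        src = ".".join(str(b) for b in frame[26:30])
        yield src, frame[14 + ihl + 13]                       # TCP flags byte

def count_syn_set(pcap):
    """tcpdump 'tcp[tcpflags] & tcp-syn != 0': SYN bit set, SYN-ACK replies included."""
    return sum(1 for _, flags in tcp_records(pcap) if flags & SYN)

def client_syns(pcap, src_ip):
    """Wireshark 'tcp.flags.syn==1 && tcp.flags.ack==0 && ip.src==<src_ip>'."""
    return [src for src, flags in tcp_records(pcap)
            if flags & SYN and not flags & ACK and src == src_ip]

# Constructed sample capture: one full handshake plus a second client's SYN.
SAMPLE = build_pcap([
    build_frame("10.0.0.5", "10.0.0.80", 40000, 8080, SYN),          # client SYN
    build_frame("10.0.0.80", "10.0.0.5", 8080, 40000, SYN | ACK),    # server SYN-ACK
    build_frame("10.0.0.5", "10.0.0.80", 40000, 8080, ACK),          # handshake ACK
    build_frame("10.0.0.9", "10.0.0.80", 41000, 8080, SYN),          # another client
])
```

On the sample, count_syn_set returns 3 (both client SYNs and the SYN-ACK) while client_syns for 10.0.0.5 returns only its single SYN, which is the packet p0f needs for client OS fingerprinting.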

# FINGERPRINTING - p0f

/usr/local/bin/p0f -S -l -s /persist/tmp/tcpdump.pcap
