tcpdump
An assortment of capture filters because my brain has other things to remember and “port not 22” never sticks.
This guy has a longer list: https://danielmiessler.com/study/tcpdump/
Note: the “not” goes after the qualifier (port, host, …), e.g. port not 22.
# no lookups (DNS or port, OMFG I hate the port names) and specify the interface
tcpdump -nni eth0

# src or dst
tcpdump -nn host 1.1.1.1
tcpdump -nn src 1.1.1.1 and dst 1.0.0.1

# not port 22
tcpdump port not 22

# you can also use src/dst with ports
tcpdump -nn src port 22

# packet size
tcpdump -nn less 32
tcpdump -nn greater 64
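To check what each of those filters actually matches, here is an added example (not from this page and not tcpdump's own code): a small Python evaluator for the filter subset used above, covering host/src/dst, port, less/greater, and/or/not, with “not” accepted both before the primitive (not port 22) and after the qualifier (port not 22). The packet records are constructed dicts standing in for parsed capture lines.

```python
import re

def compile_filter(expr):
    """Return a predicate for a pcap-filter subset: [src|dst] [host|port] [not] X,
    less/greater N, and/or/not, where 'not' may also follow the qualifier."""
    toks = re.findall(r"\S+", expr)
    pos = [0]                                     # parser cursor
    def peek():
        return toks[pos[0]] if pos[0] < len(toks) else None
    def take():
        pos[0] += 1
        return toks[pos[0] - 1]

    def primitive():
        tok, sides = take(), ("src", "dst")       # bare 'host'/'port' matches either side
        if tok in sides:                          # 'src 1.1.1.1' == 'src host 1.1.1.1'
            sides = (tok,)
            tok = take() if peek() in ("host", "port") else "host"
        if tok in ("less", "greater"):            # length <= N / length >= N, as in pcap-filter
            n = int(take())
            return (lambda p: p["len"] <= n) if tok == "less" else (lambda p: p["len"] >= n)
        negate = peek() == "not"                  # the 'port not 22' form
        if negate:
            take()
        value = int(take()) if tok == "port" else take()
        return lambda p: any(p[s][tok] == value for s in sides) != negate

    def factor():                                 # 'not' factor | primitive
        if peek() == "not":
            take()
            inner = factor()
            return lambda p: not inner(p)
        return primitive()

    def term():                                   # factor ('and' factor)*
        left = factor()
        while peek() == "and":
            take()
            left = (lambda l, r: lambda p: l(p) and r(p))(left, factor())
        return left

    def expr():                                   # term ('or' term)*
        left = term()
        while peek() == "or":
            take()
            left = (lambda l, r: lambda p: l(p) or r(p))(left, term())
        return left

    return expr()

def pkt(src, sport, dst, dport, length):          # constructed packet record, not a real capture
    return {"src": {"host": src, "port": sport}, "dst": {"host": dst, "port": dport}, "len": length}
```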
-X : Show the packet’s contents in both hex and ASCII.
-XX : Same as -X, but also shows the ethernet header.
-D : Show the list of available interfaces.
-l : Line-buffered output (for viewing as you save, or piping to other commands).
-q : Quieter output: print less protocol information per line.
-t : Do not print a timestamp on each line.
-tttt : Print a full date-and-time timestamp on each line.
-i eth0 : Listen on the eth0 interface.
-vv : Verbose output (more v’s gives more output).
-c N : Capture N packets and then stop.
-s N : Set the snaplength (bytes captured per packet). Use -s0 to get everything, unless you are intentionally capturing less.
-S : Print absolute TCP sequence numbers.
-e : Print the ethernet (link-layer) header as well.
software/tcpdump.txt · Last modified: 2023-08-26 18:15 by dave