tcpdump
Commands
tcpdump --version
tcpdump -D
tcpdump -i InterfaceName
tcpdump -n
tcpdump -nn
tcpdump -e
tcpdump -X
tcpdump -XX
tcpdump -v
tcpdump -vv
tcpdump -vvv
tcpdump -S
tcpdump -q
tcpdump -i InterfaceName -w file.pcap
tcpdump -r file.pcap
tcpdump -w capture_file.pcap
Filters
tcpdump src host 192.168.1.1 and port 80
tcpdump src host 192.168.1.1 or dst host 192.168.1.2
tcpdump not udp
tcpdump -c 10
tcpdump -s 64
tcpdump greater 1000
tcpdump less 500
tcpdump src host 192.168.1.1
tcpdump dst host 192.168.1.1
tcpdump net 192.168.1.0/24
tcpdump -i (int) host (ip)
tcpdump -i (int) port (#)
tcpdump portrange 1000-2000
tcpdump -i (int) icmp
tcpdump -i (int) proto 6
Protocol Number List
ICMP (Internet Control Message Protocol) -> 1
IGMP (Internet Group Management Protocol) -> 2
TCP (Transmission Control Protocol) -> 6
UDP (User Datagram Protocol) -> 17
OSPF (Open Shortest Path First) -> 89
EIGRP (Enhanced Interior Gateway Routing Protocol) -> 88
AH (Authentication Header) -> 51
ESP (Encapsulating Security Payload) -> 50
GRE (Generic Routing Encapsulation) -> 47
IPv6 (Internet Protocol version 6) -> 41
IPv4 (Internet Protocol version 4) -> 4
DCCP (Datagram Congestion Control Protocol) -> 33
SCTP (Stream Control Transmission Protocol) -> 132
RARP (Reverse Address Resolution Protocol) -> 3
PPTP (Point-to-Point Tunneling Protocol) -> 115
MPLS (Multiprotocol Label Switching) -> 89
X.25 -> 93
FDDI (Fiber Distributed Data Interface) -> 97
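The filter primitives listed above (src host, dst host, net, port, proto, greater, less) and the -w/-r capture file format, as an added example that is not part of tcpdump or libpcap: a stdlib-only Python script that constructs a small pcap file in memory, parses its records the way `tcpdump -r file.pcap` does, and evaluates the same primitives over the decoded IPv4 headers. The four packets, their addresses and ports, and the PROTO table (a subset of the IANA numbers above) are constructed for this example; checksums are left at zero because filters never look at them.

```python
"""Added example (not tcpdump's own code): a stdlib-only pcap reader that
evaluates the cheat sheet's filter primitives over a constructed capture."""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800

# IANA IP protocol numbers for names tcpdump accepts after `ip proto`
PROTO = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "gre": 47,
         "esp": 50, "ah": 51, "ospf": 89, "sctp": 132}


def build_packet(src, dst, proto, sport=0, dport=0, payload=b""):
    """Construct an Ethernet/IPv4 frame carrying a minimal TCP, UDP or ICMP header."""
    eth = (bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb")
           + struct.pack("!H", ETHERTYPE_IPV4))
    if proto == PROTO["tcp"]:
        # ports, seq, ack, data offset (5 words), flags (SYN), window, csum, urgent
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif proto == PROTO["udp"]:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        # ICMP echo request: type 8, code 0, checksum, id, sequence
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + l4


def write_pcap(frames):
    """Serialize frames in the classic pcap layout that `tcpdump -w` produces."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield (timestamp, frame) records, honouring the byte order the magic implies."""
    endian = "<" if struct.unpack("<I", data[:4])[0] == PCAP_MAGIC else ">"
    if struct.unpack(endian + "I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet link type is handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        # incl_len is what -s (snaplen) actually stored; orig_len is the wire size
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Decode the fields the filters refer to; None for anything that is not IPv4."""
    if len(frame) < 34 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ihl = (frame[14] & 0x0F) * 4            # IPv4 header length in bytes
    pkt = {"len": len(frame), "proto": frame[23],   # protocol byte at IP offset 9
           "src": ipaddress.IPv4Address(frame[26:30]),
           "dst": ipaddress.IPv4Address(frame[30:34]),
           "sport": None, "dport": None}
    l4 = frame[14 + ihl:]
    if pkt["proto"] in (PROTO["tcp"], PROTO["udp"]) and len(l4) >= 4:
        pkt["sport"], pkt["dport"] = struct.unpack("!HH", l4[:4])
    return pkt


def matches(pkt, **f):
    """Conjunction of filter primitives, i.e. tcpdump's `and` between them."""
    checks = {
        "src_host": lambda v: pkt["src"] == ipaddress.IPv4Address(v),
        "dst_host": lambda v: pkt["dst"] == ipaddress.IPv4Address(v),
        "net": lambda v: pkt["src"] in ipaddress.ip_network(v) or pkt["dst"] in ipaddress.ip_network(v),
        "port": lambda v: v in (pkt["sport"], pkt["dport"]),   # either direction, like `port N`
        "proto": lambda v: pkt["proto"] == PROTO.get(v, v),    # name or number
        "greater": lambda v: pkt["len"] >= v,                  # `greater N` is len >= N
        "less": lambda v: pkt["len"] <= v,                     # `less N` is len <= N
    }
    return all(checks[k](v) for k, v in f.items())


def filter_pcap(data, **f):
    """Return the decoded IPv4 packets in a pcap byte string that satisfy every filter."""
    return [p for _ts, frame in read_pcap(data)
            for p in [decode(frame)] if p is not None and matches(p, **f)]


# Constructed sample capture (hypothetical addresses): an HTTP request and reply,
# a DNS query from another network, and a large ICMP echo request.
SAMPLE = write_pcap([
    build_packet("192.168.1.1", "192.168.1.2", PROTO["tcp"], 40000, 80, b"GET / HTTP/1.0\r\n\r\n"),
    build_packet("192.168.1.2", "192.168.1.1", PROTO["tcp"], 80, 40000, b"HTTP/1.0 200 OK\r\n"),
    build_packet("10.0.0.5", "192.168.1.1", PROTO["udp"], 53000, 53, b"\x00" * 30),
    build_packet("192.168.1.1", "8.8.8.8", PROTO["icmp"], payload=b"\x00" * 1000),
])

if __name__ == "__main__":
    for name, f in [("src host 192.168.1.1 and port 80", dict(src_host="192.168.1.1", port=80)),
                    ("net 192.168.1.0/24", dict(net="192.168.1.0/24")),
                    ("proto 6", dict(proto=6)),
                    ("greater 1000", dict(greater=1000))]:
        print(f"{name}: {len(filter_pcap(SAMPLE, **f))} packet(s)")
```

Running the script prints how many of the four constructed packets each filter keeps. The byte offsets in decode (ethertype at 12, protocol at IP offset 9, addresses at 12 and 16) are the same ones tcpdump's BPF programs test, which is why `-X`/`-XX` hex output lines up with these fields when you read a real capture.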