Sunday, September 30, 2012

tcpdump tutorial


tcpdump -D (lists the interfaces tcpdump can capture on)
tcpdump -i eth0 -v (captures on eth0 with verbose output; -vv and -vvv add more detail)
tcpdump -i eth0 port http (shows only traffic to or from port 80; "http" is looked up in /etc/services, so this matches the port, not the protocol itself)
tcpdump -n (does not resolve IPs to hostnames; -nn also leaves port numbers numeric)
tcpdump -w session.log (writes the raw packets to a file in pcap format instead of printing them)
tcpdump -r session.log (reads the captured session back and decodes it; a filter such as port 80 can be appended)
This is a very concise, excellent quick guide to the main commands:
http://openmaniak.com/tcpdump.php
To capture with tcpdump for later viewing in Wireshark (full packets, not just the first bytes of each):
tcpdump -i eth0 -s 65535 -w session.pcap
The -s flag sets the snapshot length; older tcpdump versions defaulted to a small value (68 or 96 bytes) and truncated packets, which is why the flag is given here. Recent versions default to 262144 bytes, and -s 0 also means "full packet". Wireshark opens the resulting file directly with File > Open.
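To make clear what the -w, -r and -s flags and a filter like port http actually do, here is an added example that is not part of the original post: a toy pcap writer and reader in pure Python. It constructs three Ethernet/IPv4/TCP frames (all addresses, MACs and payloads are made up), writes them the way tcpdump -w does, reads them back the way tcpdump -r does, applies the equivalent of the filter expression port 80, and shows how a small snaplen (-s) keeps the headers but cuts off the payload. The file it produces is a valid pcap that Wireshark can open.

```python
# Added example (not from the original post): a toy pcap writer/reader showing
# what `tcpdump -w`, `-r`, `-s` and the filter `port http` actually do.
# All addresses, MACs and payloads are constructed sample data.
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap magic (microsecond timestamps)
LINKTYPE_ETHERNET = 1    # link type tcpdump records for an Ethernet interface like eth0

def _checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, used for the IPv4 header checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def build_tcp_frame(src_ip, dst_ip, sport, dport, payload: bytes) -> bytes:
    """Ethernet/IPv4/TCP frame with made-up MACs; the TCP checksum is left 0
    (Wireshark flags it but still decodes the packet)."""
    eth = bytes.fromhex("020000000001" "020000000002" "0800")  # dst MAC, src MAC, IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0x1234, 0x4000,
                     64, 6, 0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", _checksum(ip)) + ip[12:]
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    return eth + ip + tcp + payload

def write_pcap(path, frames, snaplen=65535):
    """Like `tcpdump -s <snaplen> -w <path>`: each record keeps at most snaplen
    bytes (incl_len) but records the frame's true size (orig_len)."""
    with open(path, "wb") as f:
        f.write(struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            captured = frame[:snaplen]
            f.write(struct.pack("=IIII", 1348963200 + i, 0, len(captured), len(frame)))
            f.write(captured)

def read_pcap(path):
    """Like `tcpdump -r <path>`: returns (snaplen, linktype, records)."""
    with open(path, "rb") as f:
        magic, _, _, _, _, snaplen, linktype = struct.unpack("=IHHiIII", f.read(24))
        if magic != PCAP_MAGIC:
            raise ValueError("not a native-order microsecond pcap file")
        records = []
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                break
            ts_sec, ts_usec, incl_len, orig_len = struct.unpack("=IIII", hdr)
            records.append({"ts": ts_sec + ts_usec / 1e6, "data": f.read(incl_len),
                            "orig_len": orig_len})
    return snaplen, linktype, records

def parse_tcp(frame: bytes):
    """Addresses and ports of an IPv4/TCP frame, or None for anything else
    (including frames the snaplen cut so short that the ports are gone)."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    tcp_off = 14 + (frame[14] & 0x0F) * 4
    if len(frame) < tcp_off + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[tcp_off:tcp_off + 4])
    return {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
            "sport": sport, "dport": dport}

def filter_port(records, port):
    """The filter expression `port <n>`: matches source or destination port."""
    out = []
    for rec in records:
        hdr = parse_tcp(rec["data"])
        if hdr and port in (hdr["sport"], hdr["dport"]):
            out.append(rec)
    return out

def sample_frames():
    """Constructed traffic: an HTTP request and reply, plus one SSH banner."""
    return [
        build_tcp_frame("10.0.0.5", "10.0.0.80", 40000, 80,
                        b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
        build_tcp_frame("10.0.0.80", "10.0.0.5", 80, 40000, b"HTTP/1.1 200 OK\r\n\r\n"),
        build_tcp_frame("10.0.0.5", "10.0.0.22", 40001, 22, b"SSH-2.0-sample\r\n"),
    ]

def demo(snaplen=65535):
    """Write the sample frames, read them back, apply `port 80` and summarise."""
    path = os.path.join(tempfile.mkdtemp(), "session.pcap")
    write_pcap(path, sample_frames(), snaplen)
    file_snaplen, linktype, records = read_pcap(path)
    return {"snaplen": file_snaplen, "linktype": linktype, "records": len(records),
            "port80": len(filter_port(records, 80)),
            "truncated": sum(1 for r in records if len(r["data"]) < r["orig_len"]),
            "captured_bytes": [len(r["data"]) for r in records]}

if __name__ == "__main__":
    print(demo())            # full frames, like the default -s on a modern tcpdump
    print(demo(snaplen=64))  # ports still visible, but the HTTP payload is cut off
```

Run it and compare the two summaries: with the default snaplen all three frames are stored whole and two of them match port 80; with -s 64 every frame is truncated, the port filter still matches the same two (the TCP ports sit inside the first 38 bytes), but the HTTP request line is gone from the file, which is exactly the kind of loss the -s 65535 advice above is meant to avoid.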

tcpdump for Windows is also available.

