Friday, August 17, 2012

Packet Analyzer in Linux : tcpdump

tcpdump is a common command-line packet analyzer. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. tcpdump works on most UNIX-like operating systems.


#tcpdump – Display standard tcpdump output

#tcpdump -v, -vv, -vvv – Display more detailed output (each extra v adds detail).

#tcpdump -D – Display the available network interfaces for capturing

#tcpdump -n – Display without resolving host names (show IP addresses)

#tcpdump -nn – Display without resolving host names or port names.

#tcpdump -q – Display quick (less protocol detail) output

#tcpdump -i eth0 – Capture traffic on interface eth0 only

#tcpdump src and dst and port 8888 – Display traffic through port 8888 from  to

#tcpdump tcp – Capture TCP traffic only.

#tcpdump port http – Capture traffic on the http port (80).

#tcpdump -c 50 – Capture 50 packets, then stop.

#tcpdump host – Display packets to or from

#tcpdump -A – Display the content of captured packets in ASCII.

#tcpdump -X – Print the packet's contents in both hex and ASCII.

#tcpdump -S – Print absolute (rather than relative) TCP sequence numbers.

#tcpdump -e – Print the Ethernet (link-layer) header as well.

#tcpdump -E – Decrypt IPsec traffic with the given encryption key.

#tcpdump src – Display traffic from

#tcpdump dst – Display traffic to

#tcpdump portrange 21-23 – Print the traffic in the specified port range.

#tcpdump less 300 – Display packets smaller than 300 bytes

#tcpdump greater 300 – Display packets larger than 300 bytes

#tcpdump -w test.log – Write the captured packets to the file test.log

#tcpdump -r test.log – Read the captured packets back from the file test.log

#tcpdump 'tcp[13] & 16 != 0' – Capture ACK packets only (byte 13 of the TCP header holds the flags; bit 0x10 is ACK)
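To make the byte-offset filter above less of a magic incantation, here is an added example (not part of the original post, and not tcpdump's own code) that evaluates the page's `tcp[13] & 16 != 0`, `portrange 21-23` and `less 300` filters in plain Python over constructed Ethernet/IPv4/TCP frames. The frame builder and the sample ports, flags and payload sizes are all constructed for the demonstration.

```python
import struct

# Flag bits of TCP header byte 13 (the byte tcpdump addresses as tcp[13]).
TCP_FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def build_tcp_frame(src_port, dst_port, flags, payload=b""):
    """Construct a minimal Ethernet(14) + IPv4(20) + TCP(20) frame for testing."""
    eth = b"\x00" * 12 + b"\x08\x00"                       # dummy MACs, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))   # proto 6 = TCP
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 1, 0, 5 << 4, flags, 8192, 0, 0)
    return eth + ip + tcp + payload

def tcp_header(frame):
    """Return (src_port, dst_port, flags_byte) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":      # EtherType is not IPv4
        return None
    ihl = (frame[14] & 0x0F) * 4         # IPv4 header length in bytes
    if frame[14 + 9] != 6:               # IPv4 protocol field: 6 = TCP
        return None
    tcp = frame[14 + ihl:]
    src, dst = struct.unpack("!HH", tcp[:4])
    return src, dst, tcp[13]

def is_ack(frame):
    """Equivalent of tcpdump 'tcp[13] & 16 != 0': the ACK bit of the flags byte is set."""
    h = tcp_header(frame)
    return h is not None and (h[2] & TCP_FLAGS["ACK"]) != 0

def in_portrange(frame, lo, hi):
    """Equivalent of 'portrange lo-hi': source or destination port falls in the range."""
    h = tcp_header(frame)
    return h is not None and (lo <= h[0] <= hi or lo <= h[1] <= hi)

def size_less(frame, n):
    """Equivalent of 'less n': pcap-filter matches frames of length <= n bytes."""
    return len(frame) <= n

if __name__ == "__main__":
    ssh_ack = build_tcp_frame(40000, 22, TCP_FLAGS["ACK"])
    http_syn = build_tcp_frame(40001, 80, TCP_FLAGS["SYN"], b"x" * 300)
    for name, f in (("ssh_ack", ssh_ack), ("http_syn", http_syn)):
        print(name, "ack:", is_ack(f), "21-23:", in_portrange(f, 21, 23), "less 300:", size_less(f, 300))
```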
