Tcpdump: Difference between revisions
From DWIKI
Latest revision as of 08:43, 25 March 2026
Docs
- http://www.rationallyparanoid.com/articles/tcpdump.html
- http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/
- https://hackertarget.com/tcpdump-examples/
Tools
- wireshark
FAQ
Look for ping
tcpdump -i enp1s0 icmp
human readable output
tcpdump -lnX
tcpdump filtering
look for host and port
tcpdump -i ens192 host 192.168.101.3 and tcp port 993
show connections to a certain port
tcpdump -i eth0 tcp dst port 80
tcpdump: NFLOG link-layer type filtering not implemented
Try specifying the capture interface with -i.
tcpdump: Mask syntax for networks only
To match a subnet, use net instead of host.
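
One way to avoid the "Mask syntax for networks only" error when a script receives either a single address or a CIDR block: pick the keyword from the argument and clear any host bits, which a net expression does not accept. This is an added example, not part of the original page; `addr_filter` is a hypothetical helper name, and it assumes full dotted-quad IPv4 input and 64-bit shell arithmetic.

```shell
#!/bin/sh
# Added example. addr_filter is a hypothetical helper, not part of tcpdump.
# Input:  a full dotted-quad IPv4 address, optionally followed by /prefix.
# Output: "host A.B.C.D" or "net A.B.C.D/len" with the host bits cleared.
addr_filter() {
    arg=$1
    case $arg in
        */*) ip=${arg%/*}; len=${arg#*/} ;;
        *)   ip=$arg; len=32 ;;
    esac
    # Prefix length: decimal, no leading zero (would parse as octal), 0..32.
    case $len in
        ''|*[!0-9]*|0?*|???*) echo "bad prefix length: $len" >&2; return 1 ;;
    esac
    [ "$len" -le 32 ] || { echo "bad prefix length: $len" >&2; return 1; }
    # Only digits and single dots may reach the unquoted split below.
    case $ip in
        ''|*[!0-9.]*|.*|*.|*..*) echo "bad IPv4 address: $ip" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad IPv4 address: $ip" >&2; return 1; }
    for o in "$@"; do
        case $o in
            0?*|????*) echo "bad octet in: $ip" >&2; return 1 ;;
        esac
        [ "$o" -le 255 ] || { echo "bad octet in: $ip" >&2; return 1; }
    done
    # A /32 (or no prefix at all) is a single machine: use the host keyword.
    if [ "$len" -eq 32 ]; then
        echo "host $ip"
        return 0
    fi
    # Pack the octets into one integer, mask off the host bits, unpack again.
    addr=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    n=$(( addr & mask ))
    echo "net $(( (n >> 24) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 8) & 255 )).$(( n & 255 ))/$len"
}

# Usage with the interface and port from the FAQ entry above:
#   tcpdump -i ens192 "$(addr_filter 192.168.101.3/24) and tcp port 993"
```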
