Tcpdump: Difference between revisions
From DWIKI
m (→Docs) |
m (→FAQ) |
||
(3 intermediate revisions by the same user not shown) | |||
Line 3: | Line 3: | ||
*http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/ | *http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/ | ||
*https://hackertarget.com/tcpdump-examples/ | *https://hackertarget.com/tcpdump-examples/ | ||
= Tools = | |||
*wireshark | |||
=FAQ= | =FAQ= | ||
Line 15: | Line 18: | ||
==tcpdump: NFLOG link-layer type filtering not implemented== | ==tcpdump: NFLOG link-layer type filtering not implemented== | ||
Try adding interface (-i) | Try adding interface (-i) | ||
==tcpdump: Mask syntax for networks only== | |||
To match a subnet use '''net''' instead of '''host''' | |||
[[Category:Networking]] |
Latest revision as of 08:32, 5 July 2023
Docs
- http://www.rationallyparanoid.com/articles/tcpdump.html
- http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/
- https://hackertarget.com/tcpdump-examples/
Tools
- wireshark
FAQ
human readable output
tcpdump -lnX
look for host and port
tcpdump -i ens192 host 192.168.101.3 and tcp port 993
tcpdump: NFLOG link-layer type filtering not implemented
Try adding interface (-i)
tcpdump: Mask syntax for networks only
To match a subnet use net instead of host