Tcpdump: Difference between revisions
From DWIKI
Revision as of 09:47, 12 February 2026
Docs
- http://www.rationallyparanoid.com/articles/tcpdump.html
- http://bencane.com/2014/10/13/quick-and-practical-reference-for-tcpdump/
- https://hackertarget.com/tcpdump-examples/
Tools
- wireshark
FAQ
human readable output
tcpdump -lnX
tcpdump filtering
look for host and port
tcpdump -i ens192 host 192.168.101.3 and tcp port 993
show connections to a certain port
tcpdump -i eth0 tcp dst port 80
tcpdump: NFLOG link-layer type filtering not implemented
Try specifying the interface explicitly with -i.
tcpdump: Mask syntax for networks only
To match a subnet, use net instead of host.
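The net-versus-host rule above as a small POSIX shell helper. This is an added example, not part of the original wiki page; the function names ip_to_int, int_to_ip, pcap_addr and tcp_filter are hypothetical. It picks the right keyword for an IPv4 address or CIDR and clears the host bits, so a target such as 192.168.101.3/24 still yields a filter that compiles.

```shell
# Added example: build the address part of a tcpdump filter from an
# IPv4 address or CIDR, choosing "host" or "net" so the filter compiles.

# ip_to_int A.B.C.D -> 32-bit integer on stdout; fails on malformed input.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|*.*.*.*.*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*|0?*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# pcap_addr TARGET -> "host A.B.C.D" or "net N.N.N.N/LEN".
# A prefix after "host" triggers "Mask syntax for networks only"; libpcap
# also rejects a "net" whose host bits are set, so they are masked off here.
pcap_addr() {
    case $1 in
        */*) addr=${1%/*}; len=${1#*/} ;;
        *)   addr=$1; len=32 ;;
    esac
    case $len in ''|*[!0-9]*|???*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    n=$(ip_to_int "$addr") || return 1
    if [ "$len" -eq 32 ]; then
        echo "host $addr"
    else
        mask=$(( (4294967295 << (32 - $len)) & 4294967295 ))
        echo "net $(int_to_ip $(( n & mask )))/$len"
    fi
}

# tcp_filter TARGET PORT -> complete filter expression, e.g.
#   tcpdump -i ens192 "$(tcp_filter 192.168.101.0/24 993)"
tcp_filter() {
    a=$(pcap_addr "$1") || return 1
    echo "$a and tcp port $2"
}
```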
