TCPDUMP useful commands for debugging
How to Install tcpdump in Linux:
$ sudo apt-get install tcpdump [On Debian, Ubuntu and Mint]
$ sudo yum install tcpdump [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux]
$ sudo emerge -a sys-apps/tcpdump [On Gentoo Linux]
$ sudo pacman -S tcpdump [On Arch Linux]
$ sudo zypper install tcpdump [On OpenSUSE]
Useful scenarios:
Capture packets from a specific interface: tcpdump -i eth0
Capture only the first N packets (here 5) and then exit: tcpdump -c 5 -i eth0
Print packet contents in ASCII (handy for plaintext protocols such as HTTP): tcpdump -A -i eth0
Display available interfaces: tcpdump -D
Display captured packets in hex and ASCII, including the link-layer header: tcpdump -XX -i eth0
Capture and save packets to a pcap file: tcpdump -w 0001.pcap -i eth0
Read packets back from a saved pcap file: tcpdump -r 0001.pcap
Show IP addresses instead of hostnames (-n disables DNS lookups, which also avoids extra DNS traffic and delays while capturing): tcpdump -n -i eth0
Capture only TCP packets: tcpdump -i eth0 tcp
Capture packets to or from a specific port: tcpdump -i eth0 port 22
Capture packets from a source IP: tcpdump -i eth0 src 192.168.0.2
Capture packets to a destination IP: tcpdump -i eth0 dst 50.116.66.139
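An added example (not from this page or from tecmint): a minimal reader for the pcap files that `tcpdump -w` writes, applying the same `src`, `dst` and `port` filters as above in Python, run over a constructed two-packet capture. The addresses and ports are the ones used on the page; the MACs, sequence numbers and timestamps are dummies.

```python
import struct

def ip_bytes(s):
    return bytes(int(o) for o in s.split('.'))

def tcp_frame(src_ip, dst_ip, sport, dport):
    # Constructed Ethernet/IPv4/TCP SYN frame; MACs and checksums are dummies
    eth = b'\x00' * 6 + b'\x02' * 6 + b'\x08\x00'            # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40, 1, 0, 64, 6, 0,
                     ip_bytes(src_ip), ip_bytes(dst_ip))      # IHL 5, proto 6 = TCP
    tcp = struct.pack('!HHIIBBHHH', sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)  # SYN
    return eth + ip + tcp

def build_pcap(packets):
    # Global header as `tcpdump -w` writes it: magic, v2.4, tz 0, sigfigs 0, snaplen, linktype 1
    out = struct.pack('<IHHiIII', 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)
    for ts, pkt in packets:
        out += struct.pack('<IIII', ts, 0, len(pkt), len(pkt)) + pkt  # ts_sec, ts_usec, incl, orig
    return out

def parse_pcap(data):
    # Yields (timestamp, raw frame) for each record of a little-endian pcap file
    if struct.unpack_from('<I', data, 0)[0] != 0xa1b2c3d4:
        raise ValueError('not a little-endian pcap file')
    off = 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack_from('<IIII', data, off)
        off += 16
        yield ts, data[off:off + incl]
        off += incl

def decode_tcp(pkt):
    # Returns (src_ip, dst_ip, sport, dport) for IPv4/TCP frames, None for anything else
    if len(pkt) < 34 or pkt[12:14] != b'\x08\x00':
        return None
    ihl = (pkt[14] & 0x0f) * 4
    if pkt[23] != 6 or len(pkt) < 14 + ihl + 4:
        return None
    src = '.'.join(map(str, pkt[26:30]))
    dst = '.'.join(map(str, pkt[30:34]))
    sport, dport = struct.unpack_from('!HH', pkt, 14 + ihl)
    return src, dst, sport, dport

def filter_capture(data, src=None, dst=None, port=None):
    # Mirrors the BPF primitives `src`, `dst` and `port` (port matches either end)
    hits = []
    for ts, pkt in parse_pcap(data):
        d = decode_tcp(pkt)
        if d and src in (None, d[0]) and dst in (None, d[1]) and port in (None, d[2], d[3]):
            hits.append((ts,) + d)
    return hits

SAMPLE = build_pcap([(1700000000, tcp_frame('192.168.0.2', '50.116.66.139', 51234, 22)),
                     (1700000001, tcp_frame('10.0.0.5', '192.168.0.2', 40000, 443))])

if __name__ == '__main__':
    for hit in filter_capture(SAMPLE, src='192.168.0.2', port=22):
        print(hit)
```

Swap SAMPLE for the bytes of a real `tcpdump -w` file to use the same filters on a saved capture.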
References:
https://www.tecmint.com/12-tcpdump-commands-a-network-sniffer-tool/
https://www.brianstorti.com/tcp-flow-control/
https://www.researchgate.net/figure/TCPDump-Overview-shows-the-TCP-IP-Characteristics-flow-7_fig1_326419957
I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know.