SINT - tcpdump
How-to:
- monitor tcp packets on interface eth0 and print absolute, rather than relative, TCP sequence numbers
# tcpdump -S tcp -i eth0
- monitor udp packets on interface eth0 and do not convert addresses or ports to names
# tcpdump -n udp -i eth0
- monitor arp packets on interface eth0
# tcpdump arp -i eth0
- monitor icmp packets on interface eth0
# tcpdump icmp -i eth0
- monitor traffic from/to a certain port
# tcpdump port 53
- as before, but from src port
# tcpdump src port 53
- as before, but to dst port
# tcpdump dst port 53
- as before, but from src port and proto udp
# tcpdump src port 53 and udp
- monitor traffic in network 192.168.1.0 with mask 255.255.255.0
# tcpdump net 192.168.1.0/24
- monitor traffic to any port in the specified range
# tcpdump portrange 80-8080
- grouping: monitor traffic in subnet 192.168.1.0/24 to dst ports 21 or 22
# tcpdump 'net 192.168.1.0/24 and (dst port 21 or 22)'
etc...
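Added example, not from the original page: a small POSIX sh helper that builds grouped filters like the last one above and syntax-checks them with tcpdump's -d dry run (which compiles the expression and exits without capturing anything). The function names build_filter and check_filter, and the constructed empty pcap file used for the check, are this example's own choices. The point it shows: pcap-filter evaluates and/or left to right, so `net 192.168.1.0/24 and dst port 21 or 22` without parentheses also matches port-22 traffic from any network, while `(net 192.168.1.0/24) and (dst port 21 or 22)` keeps the or inside the network constraint.

```shell
#!/bin/sh
# Added example (not from the original page): compose tcpdump filter
# expressions clause by clause and check them without root or a live
# interface. build_filter, check_filter and the temp-file path are this
# example's own choices, not tcpdump features.

# build_filter CLAUSE...: join clauses with 'and', wrapping each in
# parentheses. pcap-filter(7) evaluates 'and'/'or' left to right, and a bare
# '22' inherits the 'dst port' qualifier of the previous primitive, so
#   net 192.168.1.0/24 and dst port 21 or 22
# matches port-22 traffic from ANY network, whereas
#   (net 192.168.1.0/24) and (dst port 21 or 22)
# keeps the 'or' inside the network constraint.
build_filter() {
    filter=""
    for clause in "$@"; do
        if [ -z "$filter" ]; then
            filter="($clause)"
        else
            filter="$filter and ($clause)"
        fi
    done
    printf '%s\n' "$filter"
}

# check_filter EXPR: compile EXPR with 'tcpdump -d' against a constructed,
# packet-less pcap file, so nothing is captured and no privileges are needed.
# Returns 0 if the filter compiles, 1 if tcpdump rejects it, 2 if tcpdump
# is not installed (check skipped).
check_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    pcap=$(mktemp "${TMPDIR:-/tmp}/empty.XXXXXX") || return 1
    # Constructed 24-byte pcap global header: magic a1b2c3d4 (little-endian),
    # version 2.4, zero timezone/sigfigs, snaplen 65535, link type 1
    # (Ethernet). No packet records follow.
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$pcap"
    rc=0
    tcpdump -d -r "$pcap" "$1" >/dev/null 2>&1 || rc=$?
    rm -f "$pcap"
    if [ "$rc" -eq 0 ]; then
        return 0
    fi
    return 1
}

# Demonstration on the grouped filter from the page, combined with the flags
# the page shows (-n: no name resolution, -S: absolute TCP sequence numbers).
FILTER=$(build_filter 'net 192.168.1.0/24' 'dst port 21 or 22')
printf 'filter: %s\n' "$FILTER"
rc=0
check_filter "$FILTER" || rc=$?
case $rc in
    0) printf "filter compiles; run: tcpdump -n -S -i eth0 '%s'\n" "$FILTER" ;;
    1) printf 'filter rejected by tcpdump\n' >&2 ;;
    2) printf 'tcpdump not installed; syntax check skipped\n' >&2 ;;
esac
```

Because check_filter reads from a file rather than opening an interface, it can run in a CI job or on a non-root shell before the real capture command is pasted onto a production host.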
date: Mon, 26 Mar 2012 20:14:32 +0000
link: CyberAsylum.eu/sint-tcpdump