SINT - tcpdump

How-to:


- monitor tcp packets on interface eth0 and print absolute, rather than relative, TCP sequence numbers (options go before the filter expression)
# tcpdump -S -i eth0 tcp


- monitor udp packets on interface eth0 and don't convert addresses or ports to names
# tcpdump -n -i eth0 udp


- monitor arp packets on interface eth0
# tcpdump -i eth0 arp


- monitor icmp packets on interface eth0
# tcpdump -i eth0 icmp


- monitor traffic from or to a certain port (either direction)
- as before, but only with that src port
- as before, but only with that dst port
- as before, but only with that src port and proto udp
# tcpdump port 53
# tcpdump src port 53
# tcpdump dst port 53
# tcpdump src port 53 and udp


- monitor traffic in network 192.168.1.0 with mask 255.255.255.0
# tcpdump net 192.168.1.0/24


- monitor traffic whose src or dst port is in the specified range (bounds inclusive)
# tcpdump portrange 80-8080


- grouping: monitor traffic in subnet 192.168.1.0/24 to dst ports 21 or 22 (the qualifier carries over, so "dst port 21 or 22" means dst port 21 or dst port 22; quote the expression so the shell leaves the parentheses alone)
# tcpdump 'net 192.168.1.0/24 and (dst port 21 or 22)'
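
Added example, not part of the original how-to and not tcpdump or libpcap code: a small Python model of the filter primitives above, run over constructed packets, to show what each expression admits (e.g. "port 53" catches both the DNS query and its reply, while "src port 53 and udp" catches only the replies).

```python
# Added toy model of the tcpdump filter primitives used above (not tcpdump or
# libpcap code), run over constructed packets to show what each expression matches.
from ipaddress import ip_address, ip_network

# Constructed sample traffic, not a real capture. For ARP, src/dst hold the
# sender/target protocol addresses, which is what "net" compares against.
PACKETS = [
    {"proto": "udp", "src": "192.168.1.10", "dst": "8.8.8.8", "sport": 51000, "dport": 53},
    {"proto": "udp", "src": "8.8.8.8", "dst": "192.168.1.10", "sport": 53, "dport": 51000},
    {"proto": "tcp", "src": "192.168.1.20", "dst": "10.0.0.5", "sport": 40000, "dport": 22},
    {"proto": "tcp", "src": "10.0.0.5", "dst": "192.168.1.20", "sport": 22, "dport": 40000},
    {"proto": "icmp", "src": "192.168.1.30", "dst": "10.0.0.1"},
    {"proto": "arp", "src": "192.168.1.40", "dst": "192.168.1.1"},
    {"proto": "tcp", "src": "172.16.0.9", "dst": "10.1.1.1", "sport": 33000, "dport": 8080},
]

def proto(name):        # "tcp" / "udp" / "icmp" / "arp"
    return lambda p: p["proto"] == name
def port(n):            # "port 53": either direction, so query and reply both match
    return lambda p: n in (p.get("sport"), p.get("dport"))
def src_port(n):        # "src port 53": only traffic sent from that port
    return lambda p: p.get("sport") == n
def dst_port(n):        # "dst port 53": only traffic sent to that port
    return lambda p: p.get("dport") == n
def portrange(lo, hi):  # "portrange 80-8080": inclusive bounds, either direction
    return lambda p: any(lo <= x <= hi for x in (p.get("sport"), p.get("dport"))
                         if x is not None)
def net(cidr):          # "net 192.168.1.0/24": src or dst inside the prefix
    prefix = ip_network(cidr)
    return lambda p: ip_address(p["src"]) in prefix or ip_address(p["dst"]) in prefix
def AND(*fs):           # "a and b"
    return lambda p: all(f(p) for f in fs)
def OR(*fs):            # "(a or b)"; tcpdump carries the last qualifier forward,
    return lambda p: any(f(p) for f in fs)  # so "dst port 21 or 22" is two dst_port tests

def count(filt, packets=PACKETS):
    """Number of sample packets the filter lets through."""
    return sum(1 for p in packets if filt(p))

# The how-to's expressions in the model; longer filters compose the same way.
FILTERS = {
    "port 53": port(53),
    "src port 53 and udp": AND(src_port(53), proto("udp")),
    "net 192.168.1.0/24": net("192.168.1.0/24"),
    "portrange 80-8080": portrange(80, 8080),
    "net 192.168.1.0/24 and (dst port 21 or 22)":
        AND(net("192.168.1.0/24"), OR(dst_port(21), dst_port(22))),
}
```

Run it with a loop over FILTERS.items() printing count(f) for each entry to compare how many of the sample packets each filter lets through.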


etc...

author: niekto@niekde.sk (Jaroslav Petráš)

date: Mon, 26 Mar 2012 20:14:32 +0000

link: CyberAsylum.eu/sint-tcpdump