Brian at 12:36, 18 June 2014

2014-06-18T12:36:05Z

Brian: Created page with "==Useful TCPDUMP commands for debugging== I have only found a few times that I needed to use tcpdump, most of them are for firewall issues. ===Basic TCPDUMP commands=== Che..."

2014-06-15T16:21:28Z

Created page with "==Useful TCPDUMP commands for debugging== I have only found a few times that I needed to use tcpdump, most of them are for firewall issues. ===Basic TCPDUMP commands=== Che..."

New page

==Useful TCPDUMP commands for debugging==

I have only found a few times that I needed to use tcpdump, most of them are for firewall issues.

===Basic TCPDUMP commands===

Checking to see what interfaces we can use with tcpdump

tcpdump -D

Listen to all traffic coming in over a specific interfacae

tcpdump -i eth0

<sub>*note the -i stands for interface</sub>

Listen to all traffic on all interfaces

tcpdump -i any

At this point you will notice there is alot of information going to and from your computer.

===There are 4 settings when it comes to verbose information(verbose, more verbose, very verbose, less verbose)===

Verbose

tcpdump -v

More Verbose

tcpdump -vv

Oddly enough Very verbose

tcpdump -vvv

Less verbose mean less then the default

tcpdump -q

Say you want to dispaly ipaddress and ports vers domains and service ports

tcpdump -n

===More fun tcpdump combinations===

Capture all bytes of data within the packet:

tcpdump -s 0

Capture 500 bytes of data for each packet rather than the default of 68 bytes:
tcpdump -s 500

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n src host 192.168.1.1

Capture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n host 192.168.1.1

Capture any packets where the destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n dst net 192.168.1.0/24

Capture any packets where the source network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n src net 192.168.1.0/24

Capture any packets where the source or destination network is 192.168.1.0/24. Display IP addresses and port numbers:
tcpdump -n net 192.168.1.0/24

Capture any packets where the destination port is 23. Display IP addresses and port numbers:
tcpdump -n dst port 23

Capture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n dst portrange 1-1023

Capture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n tcp dst portrange 1-1023

Capture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:
tcpdump -n udp dst portrange 1-1023

Capture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:
tcpdump -n "dst host 192.168.1.1 and dst port 23"

Capture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:
tcpdump -n "dst host 192.168.1.1 and (dst port 80 or dst port 443)"

Capture any ICMP packets:
tcpdump -v icmp

Capture any ARP packets:
tcpdump -v arp

Capture either ICMP or ARP packets:
tcpdump -v "icmp or arp"

Capture any packets that are broadcast or multicast:
tcpdump -n "broadcast or multicast"

Check to see if a specific client is connecting to MySQL over port 3306

tcpdump -i any -s 0 -l -w - dest port 3306 and src host 192.168.1.1

← Older revision		Revision as of 12:36, 18 June 2014
Line 102:		Line 102:
	Check to see if a specific client is connecting to MySQL over port 3306		Check to see if a specific client is connecting to MySQL over port 3306

−	tcpdump -i any -s 0 -l -w - dest port 3306 and src host 192.168.1.1	+	tcpdump -i any -s 0 -l -w dest port 3306 and src host 192.168.1.1

Useful TCPDUMP commands - Revision history

Brian at 12:36, 18 June 2014

Brian: Created page with "==Useful TCPDUMP commands for debugging== I have only found a few times that I needed to use tcpdump, most of them are for firewall issues. ===Basic TCPDUMP commands=== Che..."