Here is a list of useful tcpdump commands for capturing, inspecting, and searching live network traffic or previously saved packet captures.
Capture all traffic to and from a host and save it to a pcap file
sudo tcpdump -i <interface> host <target IP> -n -s 0 -w <output file name>
-i selects the capture interface (tcpdump puts it into promiscuous mode by default; -p turns that off), host <IP> matches packets in either direction, -n skips DNS and port-name lookups so nothing leaks and nothing stalls, -s 0 captures whole packets instead of truncating them, and -w writes raw packets to a file that tcpdump or Wireshark can read later. Opening the interface needs root or CAP_NET_RAW, hence sudo.
Print an ASCII dump of live traffic
tcpdump -Alnqvvvs0
-A prints each packet's payload as ASCII (only useful for cleartext protocols such as HTTP, SMTP or FTP; TLS traffic just shows up as noise), -l line-buffers stdout so output appears immediately when piped to grep or tee, -n disables name resolution, -q prints shorter protocol headers, -vvv adds verbose decoding, and -s0 captures whole packets so the payload is complete. Add -i <interface> and a host <IP> filter as above to narrow it down.
Search a packet capture (pcap file) with a regular expression
tcpdump -Alnqvvvs0 -r <pcap file> host "<ip address>" | grep -Ei "<regular expression>"
-r reads packets from the file instead of an interface; the BPF filter and the ASCII output work exactly as they do on a live capture. Keep in mind that grep sees tcpdump's text output one line at a time, so a string that is split across two packets, or across a line break inside the payload, will not match. For a reliable search, reassemble the stream first (for example with Wireshark's Follow TCP Stream) or use a tool that matches on reassembled flows.
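As an added example (not part of the original post, and not tcpdump's own code), the following Python script shows what the tcpdump -A -r ... | grep pipeline does underneath and where it falls short. It builds a constructed three-packet capture in memory (the addresses 10.0.0.5 and 10.0.0.80, the ports and the HTTP payloads are made up for the example), parses the classic pcap, Ethernet, IPv4 and TCP headers, and applies a regular expression once per packet (what grep sees) and once per reassembled TCP flow. The string user=admin spans two segments in the sample, so the per-packet search misses it while the per-flow search finds it.

```python
import re
import struct
from collections import defaultdict

LINKTYPE_ETHERNET = 1


def _ether(payload):
    # Constructed Ethernet header: zeroed MACs, EtherType 0x0800 (IPv4).
    return b"\x00" * 12 + b"\x08\x00" + payload


def _ipv4(src, dst, payload, proto=6):
    # Constructed IPv4 header: IHL 5, no options, checksum left zero (sample only).
    addrs = bytes(map(int, src.split("."))) + bytes(map(int, dst.split(".")))
    return struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0x1234, 0x4000, 64, proto, 0) + addrs + payload


def _tcp(sport, dport, seq, payload):
    # Constructed TCP header: data offset 5, PSH|ACK, checksum left zero (sample only).
    return struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def build_pcap(packets):
    # Classic little-endian pcap: 24-byte global header, then a 16-byte header per record.
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out


# Constructed sample: an HTTP request line split across two TCP segments, plus the reply.
SAMPLE_PCAP = build_pcap([
    (1, _ether(_ipv4("10.0.0.5", "10.0.0.80", _tcp(40000, 80, 1000, b"GET /login?user=ad")))),
    (2, _ether(_ipv4("10.0.0.5", "10.0.0.80", _tcp(40000, 80, 1018, b"min HTTP/1.1\r\n")))),
    (3, _ether(_ipv4("10.0.0.80", "10.0.0.5", _tcp(80, 40000, 5000, b"HTTP/1.1 200 OK\r\n")))),
])


def iter_packets(pcap):
    """Yield (timestamp_seconds, frame) from a classic pcap in either byte order."""
    magic = struct.unpack("<I", pcap[:4])[0]
    endian = {0xA1B2C3D4: "<", 0xA1B23C4D: "<", 0xD4C3B2A1: ">", 0x4D3CB2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(pcap):
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(endian + "IIII", pcap[off:off + 16])
        off += 16
        yield ts_sec, pcap[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP frame, else None."""
    if frame[12:14] != b"\x08\x00":
        return None
    ip = frame[14:]
    ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
    if ip[9] != 6:
        return None
    src, dst = ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))
    tcp = ip[ihl:total_len]  # slicing to total_len drops any Ethernet padding
    sport, dport, seq = struct.unpack("!HHI", tcp[:8])
    return src, sport, dst, dport, seq, tcp[(tcp[12] >> 4) * 4:]


def tcp_segments(pcap, host=None):
    """Yield (ts, src, sport, dst, dport, seq, payload); `host` filters like BPF `host X` (either direction)."""
    for ts, frame in iter_packets(pcap):
        p = tcp_payload(frame)
        if p is not None and (host is None or host in (p[0], p[2])):
            yield (ts,) + p


def search_per_packet(pcap, pattern, host=None):
    """Match each packet's payload on its own, which is all `tcpdump -A ... | grep` can do."""
    rx = re.compile(pattern)
    return [(ts, f"{src}:{sport} > {dst}:{dport}")
            for ts, src, sport, dst, dport, _seq, payload in tcp_segments(pcap, host)
            if rx.search(payload.decode("latin-1"))]


def search_per_flow(pcap, pattern, host=None):
    """Reassemble each direction of each TCP connection by sequence number, then match."""
    rx = re.compile(pattern)
    flows = defaultdict(list)
    for _ts, src, sport, dst, dport, seq, payload in tcp_segments(pcap, host):
        if payload:
            flows[(src, sport, dst, dport)].append((seq, payload))
    hits = []
    for (src, sport, dst, dport), segments in flows.items():
        # Simplification: segments are assumed contiguous, with no retransmissions or overlap.
        data = b"".join(seg for _seq, seg in sorted(segments))
        if rx.search(data.decode("latin-1")):
            hits.append(f"{src}:{sport} > {dst}:{dport}")
    return hits


if __name__ == "__main__":
    print("per packet:", search_per_packet(SAMPLE_PCAP, r"user=admin"))
    print("per flow:  ", search_per_flow(SAMPLE_PCAP, r"user=admin"))
```

To run this against a real capture, read the file tcpdump -w produced with open(path, "rb").read() and pass the bytes in place of SAMPLE_PCAP; tcpdump writes the classic pcap format handled here, whereas Wireshark's default pcapng format is not parsed by this script. The per-flow reassembly deliberately ignores retransmissions and overlapping segments, which a production tool must handle before the match result can be trusted.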