Wednesday, August 27, 2008

TCPDUMP Tutorial

TCPDUMP is a wonderful command line tool which helps analyzing and troubleshooting network traffic on a Linux host.

The tcpdump options I use the most are:
  • -n : Don't resolve hostnames.
  • -nn : Don't resolve hostnames or port names.
  • -v, -vv, -vvv : Increase the amount of packet information you get back.
The followings are the most tcpdump expressions I use:

Display any traffic souring and destining a specific host:
  • tcpdump host "Host Address"
Display any traffic sourcing a specific host:
  • tcpdump src "Host-address"
Display any traffic destining a specific host:
  • tcpdump dst "Host-address"
Display any ICMP traffic:
  • tcpdump icmp
Display traffic sourced or destined a specific network:
  • tcpdump net "net-address"
Display any traffic sourcing or destining a specific port:
  • tcpdump port "port-number"
Display any traffic sourcing a specific port:
  • tcpdump src port "port-number"
Display any traffic destining a specific port:
  • tcpdump dst port "port-number"
It is also possible to use "AND", "OR", and "Excpet":

You can learn more about tcpdump options and expressions with great examples at this location: http://dmiessler.com/study/tcpdump/

Labels: , , ,

posted by Saeed Pazoki @ 3:19 PM   0 comments

0 Comments:

Post a Comment

<< Home