tcpdump usage

2.6.3 tcpdump

• Example:

Capture all packets and write them to a RAM disk file (/tmp/capture.pcap):
root@SUPERWIFI:~# tcpdump -w /tmp/capture.pcap
Capture all ARP/ping packets on the Ethernet interface:
root@SUPERWIFI:~# tcpdump -i eth0 '((icmp) or (arp))'

• Capture File:

The output file is in pcap format, so it can be opened with any software that understands pcap (e.g. Wireshark), and it can be uploaded to a remote FTP server:
root@SUPERWIFI:~# ftpput -u user -p pass 192.168.1.123 REMOTE_FILE LOCAL_FILE
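
To check a capture once it is off the device, the sketch below reads the classic pcap layout directly and counts the ARP and ICMP frames that the filter above selects. It is an added example, not part of the original page; the names summarize_pcap and sample_capture are hypothetical, and the sample capture is constructed inline.

```python
import struct

ETH_ARP, ETH_IPV4, IPPROTO_ICMP = 0x0806, 0x0800, 1

def summarize_pcap(data):
    """Count ARP, ICMP and other frames in a classic pcap byte string."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        end = "<"                      # written on a little-endian host
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        end = ">"                      # written on a big-endian host
    else:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", data[20:24])[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET (1) is handled")
    counts = {"arp": 0, "icmp": 0, "other": 0, "truncated": 0}
    off = 24
    while off + 16 <= len(data):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (4 bytes each)
        incl = struct.unpack(end + "I", data[off + 8:off + 12])[0]
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < incl or len(frame) < 14:
            counts["truncated"] += 1   # cut short, or too small for Ethernet
            continue
        ethertype = struct.unpack("!H", frame[12:14])[0]
        if ethertype == ETH_ARP:
            counts["arp"] += 1
        elif ethertype == ETH_IPV4 and len(frame) >= 34 and frame[23] == IPPROTO_ICMP:
            counts["icmp"] += 1        # byte 23 = IPv4 protocol field
        else:
            counts["other"] += 1
    if off < len(data):                # dangling partial record header
        counts["truncated"] += 1
    return counts

def sample_capture():
    """Constructed sample: one ARP, one ICMP and one TCP frame."""
    def rec(frame):
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    def eth(etype):
        return b"\xff" * 6 + b"\x02" * 6 + struct.pack("!H", etype)
    def ip(proto):
        return b"\x45" + b"\x00" * 8 + bytes([proto]) + b"\x00" * 10
    hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return (hdr + rec(eth(ETH_ARP) + b"\x00" * 28)
            + rec(eth(ETH_IPV4) + ip(1) + b"\x00" * 8)
            + rec(eth(ETH_IPV4) + ip(6) + b"\x00" * 20))

if __name__ == "__main__":
    print(summarize_pcap(sample_capture()))
```

A non-zero "truncated" count means the file ends mid-record, which is what a capture looks like when the RAM disk filled up or the transfer was cut off.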

• Also See:

Official site for tcpdump (and libpcap): http://www.tcpdump.org/
A tcpdump Tutorial and Primer: http://danielmiessler.com/study/tcpdump/





Author: Shi Shougang

Created: 2017-04-19 Wed 23:15
