TCPDUMP TRICKS ON REDHAT 7.2
1. To list all the interfaces tcpdump can capture on
[root@rhel7 Desktop]# tcpdump -D
1.virbr0
2.docker0
3.enp0s29u1u2
4.vnet0
5.nflog (Linux netfilter log (NFLOG) interface)
6.nfqueue (Linux netfilter queue (NFQUEUE) interface)
7.usbmon1 (USB bus number 1)
8.usbmon2 (USB bus number 2)
9.enp3s0
10.br7
11.any (Pseudo-device that captures on all interfaces)
12.lo
2. To capture all the packets on the loopback interface (lo)
[root@rhel7 Desktop]# tcpdump -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 65535 bytes
3. To capture all the packets passing through any interface
[root@rhel7 Desktop]# tcpdump -i any
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type LINUX_SLL (Linux cooked), capture size 65535 bytes
4. To be verbose while capturing
[root@rhel7 Desktop]# tcpdump -v
tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
5. To be even more verbose, with ASCII data capture
[root@rhel7 Desktop]# tcpdump -vvv
tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
6. To be verbose and print the data of each packet in both hex and ASCII, including the link-level header:
[root@rhel7 Desktop]# tcpdump -v -X
tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
7. To capture ARP or ICMP packets
[root@rhel7 Desktop]# tcpdump -v icmp or arp
tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
8. To apply a port range filter
[root@rhel7 Desktop]# tcpdump -n -p tcp portrange 1-80
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
9. To save all the captured data to a file
[root@rhel7 Desktop]# tcpdump -n -p tcp portrange 1-80 -w myfile.cap
tcpdump: listening on virbr0, link-type EN10MB (Ethernet), capture size 65535 bytes
10. To read data from a file
[root@rhel7 Desktop]# tcpdump -r myfile.cap
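Trick 9 writes and trick 10 reads the classic pcap format; the following reader/writer is an added example, not code from the original post, and shows what the banner's "link-type EN10MB" and "capture size 65535 bytes" become in the file header and how the snaplen truncates each record. The sample frames are constructed and the file goes to a temporary path.

```python
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4          # little-endian file, microsecond timestamps
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1  # same format written by a big-endian host
DLT_EN10MB = 1                   # tcpdump's "link-type EN10MB (Ethernet)"
DLT_LINUX_SLL = 113              # "link-type LINUX_SLL (Linux cooked)", used for -i any

def write_pcap(path, packets, linktype=DLT_EN10MB, snaplen=65535):
    """Write a classic pcap: 24-byte global header, then a 16-byte record header per packet."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype))
        for ts_sec, ts_usec, data in packets:
            caplen = min(len(data), snaplen)  # -w stores at most snaplen bytes per packet
            f.write(struct.pack("<IIII", ts_sec, ts_usec, caplen, len(data)))
            f.write(data[:caplen])

def read_pcap(path):
    """Parse a pcap file; returns (linktype, snaplen, [(ts_sec, ts_usec, caplen, origlen, data), ...])."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        if len(hdr) < 24:
            raise ValueError("truncated pcap global header")
        magic = struct.unpack("<I", hdr[:4])[0]
        end = {PCAP_MAGIC: "<", PCAP_MAGIC_SWAPPED: ">"}.get(magic)
        if end is None:
            raise ValueError("not a classic pcap file: magic %#x" % magic)
        _, _, _, _, _, snaplen, linktype = struct.unpack(end + "IHHiIII", hdr)
        records = []
        while (rec := f.read(16)):
            if len(rec) < 16:
                raise ValueError("truncated record header")
            ts_sec, ts_usec, caplen, origlen = struct.unpack(end + "IIII", rec)
            if caplen > snaplen or caplen > origlen:
                raise ValueError("corrupt record: caplen=%d origlen=%d snaplen=%d" % (caplen, origlen, snaplen))
            data = f.read(caplen)
            if len(data) < caplen:
                raise ValueError("truncated packet data")
            records.append((ts_sec, ts_usec, caplen, origlen, data))
        return linktype, snaplen, records

def roundtrip_demo():
    """Constructed sample: a 1500-byte and a 64-byte Ethernet frame, written with a 96-byte snaplen."""
    frames = [(1700000000, 123456, b"\xff" * 12 + b"\x08\x06" + b"A" * 1486),
              (1700000001, 0, b"\x00" * 12 + b"\x08\x00" + b"B" * 50)]
    with tempfile.NamedTemporaryFile(suffix=".cap") as tmp:
        write_pcap(tmp.name, frames, snaplen=96)
        return read_pcap(tmp.name)  # first record is cut to 96 bytes, origlen still reports 1500
```

A file produced by `tcpdump -w myfile.cap` on the box above parses the same way, with linktype 1 and snaplen 65535 in its header.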