Monday, August 10, 2015

[tcpdump] How to use tcpdump

Specific IP address
tcpdump -i eth0 host <IP address>

Specific port
tcpdump -i eth0 port 1194

Capture source ports in the range 23 to 1023.
tcpdump -i wan0 -n src portrange 23-1023

Capture destination ports in the range 23 to 1023.
tcpdump -i wan0 -n dst portrange 23-1023

ICMP packets only
tcpdump -i eth0 icmp

-s sets how many bytes of each packet to capture (the snaplen).
This captures the first 80 bytes of each packet and writes them to a file.
tcpdump -i eth0 -s 80 -w /tmp/abc.cap

Only capture a specific IP address and write the packets to a file.
tcpdump -i eth0 host 192.168.0.1 -w /tmp/abc.cap
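To check afterwards what a capture written with `-s 80 -w /tmp/abc.cap` actually contains, here is an added example (not from the original post) that reads the classic pcap header and reports the snaplen and which records were cut short by it. The sample capture bytes are constructed inline rather than taken from a real interface.

```python
import struct

# Constructed sample: a minimal little-endian pcap file, as written by
# `tcpdump -s 80 -w file.cap`, with snaplen 80 and two packet records.
# Record 1 is a 60-byte frame (caplen 60 == wirelen 60, not truncated);
# record 2 is a 1500-byte frame cut to 80 bytes (caplen 80 < wirelen 1500).
_PCAP_MAGIC = 0xA1B2C3D4
_GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, major, minor, tz, sigfigs, snaplen, linktype
_RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, caplen, wirelen


def build_sample_pcap(snaplen=80):
    """Build the constructed capture bytes described above."""
    data = _GLOBAL_HDR.pack(_PCAP_MAGIC, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for wirelen in (60, 1500):
        caplen = min(wirelen, snaplen)
        data += _RECORD_HDR.pack(1439164800, 0, caplen, wirelen) + b"\x00" * caplen
    return data


def parse_pcap(data):
    """Return (snaplen, [(caplen, wirelen, truncated), ...]) for a pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == _PCAP_MAGIC:
        ghdr, rhdr = _GLOBAL_HDR, _RECORD_HDR
    elif magic == 0xD4C3B2A1:            # same format written on a big-endian host
        ghdr, rhdr = struct.Struct(">IHHiIII"), struct.Struct(">IIII")
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, snaplen, _ = ghdr.unpack_from(data, 0)
    offset, records = ghdr.size, []
    while offset + rhdr.size <= len(data):
        ts_sec, ts_usec, caplen, wirelen = rhdr.unpack_from(data, offset)
        offset += rhdr.size
        # A record longer than the snaplen, or running past EOF, means a damaged file.
        if caplen > snaplen or offset + caplen > len(data):
            raise ValueError(f"corrupt record at offset {offset - rhdr.size}")
        records.append((caplen, wirelen, caplen < wirelen))
        offset += caplen
    return snaplen, records


def truncated_count(data):
    """How many records lost bytes to the snaplen (payload missing from the file)."""
    _, records = parse_pcap(data)
    return sum(1 for _, _, truncated in records if truncated)
```

Run `parse_pcap(open("/tmp/abc.cap", "rb").read())` on a real capture to see whether the snaplen chosen with -s kept the payload you need.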

# tcpdump --help
tcpdump version 4.1.1
libpcap version 1.1.1
Usage: tcpdump [-aAbdDefIKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
                [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
                [ -i interface ] [ -M secret ] [ -r file ]
                [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ]
                [ -y datalinktype ] [ -z command ] [ -Z user ]
                [ expression ]

Reference:
