tcpdump
- Choose the interface
tcpdump -i eth0
- do not display FQDN (print out numeric IP address only)
tcpdump -i eth0 -n
- output in verbose mode
tcpdump -i eth0 -n -v
tcpdump -i eth0 -n -vv (very verbose)
- Only listen to those traffic destinated to you eth (turn off promiscuous mode)
tcpdump -i eth0 -p
- only listen to a particular port
tcpdump -i eth0 'port 80'
- only listen on port 80 from specific source host
tcpdump -i eth0 tcp dst port 80 and src host 192.168.0.10
- When parsing and printing, in addition to printing the headers of each packet, print the data of each packet
tcpdump -i eth0 -x 'port 80'
No comments:
Post a Comment