Difference between revisions of "Tcpdump"
Jump to navigation
Jump to search
(Created page with ";tcpdump :Trace network traffic, all packets send are reported to standard output (terminal). ;:-w <filename> -C 10 :::Dump raw data to <filename>, create new file after 10 m...") |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
| + | [[Category:Networking]] | ||
| + | |||
;tcpdump | ;tcpdump | ||
:Trace network traffic, all packets send are reported to standard output (terminal). | :Trace network traffic, all packets send are reported to standard output (terminal). | ||
| Line 7: | Line 9: | ||
:::Read packets from <filename>, give absolute time and all data | :::Read packets from <filename>, give absolute time and all data | ||
;:-n port 53 and ip6 and host <address> | ;:-n port 53 and ip6 and host <address> | ||
| − | ::: | + | :::Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address) |
| + | |||
| + | In the output Flags are reported that have following meaning: | ||
| + | S (SYN) | ||
| + | F (FIN) | ||
| + | P (PUSH) | ||
| + | R (RST), | ||
| + | U (URG), | ||
| + | W (ECN CWR), | ||
| + | E (ECN-Echo) | ||
| + | . (ACK) | ||
| + | none if no flags are set... | ||
Latest revision as of 15:23, 9 October 2020
- tcpdump
- Trace network traffic, all packets send are reported to standard output (terminal).
- -w <filename> -C 10
-
- Dump raw data to <filename>, create new file after 10 million (not 10MB) bytes are written
- -r <filename> -tttt -X
-
- Read packets from <filename>, give absolute time and all data
- -n port 53 and ip6 and host <address>
-
- Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address)
In the output Flags are reported that have following meaning:
S (SYN) F (FIN) P (PUSH) R (RST), U (URG), W (ECN CWR), E (ECN-Echo) . (ACK) none if no flags are set...