Difference between revisions of "Tcpdump"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
| + | [[Category:Networking]] | ||
| + | |||
;tcpdump | ;tcpdump | ||
:Trace network traffic, all packets send are reported to standard output (terminal). | :Trace network traffic, all packets send are reported to standard output (terminal). | ||
| Line 7: | Line 9: | ||
:::Read packets from <filename>, give absolute time and all data | :::Read packets from <filename>, give absolute time and all data | ||
;:-n port 53 and ip6 and host <address> | ;:-n port 53 and ip6 and host <address> | ||
| − | ::: | + | :::Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address) |
In the output Flags are reported that have following meaning: | In the output Flags are reported that have following meaning: | ||
| − | + | S (SYN) | |
| − | S | + | F (FIN) |
| − | F | + | P (PUSH) |
| − | P (PUSH) | + | R (RST), |
| − | R (RST), | + | U (URG), |
| − | U (URG), | + | W (ECN CWR), |
| − | W (ECN CWR), | + | E (ECN-Echo) |
| − | E (ECN-Echo) | + | . (ACK) |
| − | . (ACK) | + | none if no flags are set... |
| − | none if no flags are set... | ||
Latest revision as of 15:23, 9 October 2020
- tcpdump
- Trace network traffic, all packets send are reported to standard output (terminal).
- -w <filename> -C 10
-
- Dump raw data to <filename>, create new file after 10 million (not 10MB) bytes are written
- -r <filename> -tttt -X
-
- Read packets from <filename>, give absolute time and all data
- -n port 53 and ip6 and host <address>
-
- Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address)
In the output Flags are reported that have following meaning:
S (SYN) F (FIN) P (PUSH) R (RST), U (URG), W (ECN CWR), E (ECN-Echo) . (ACK) none if no flags are set...