Difference between revisions of "Tcpdump"
(Created page with ";tcpdump :Trace network traffic, all packets send are reported to standard output (terminal). ;:-w <filename> -C 10 :::Dump raw data to <filename>, create new file after 10 m...") |
Line 8: | Line 8: | ||
;:-n port 53 and ip6 and host <address> | ;:-n port 53 and ip6 and host <address> | ||
:::1 Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address) | :::1 Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address) | ||
+ | |||
+ | In the output Flags are reported that have following meaning: | ||
+ | <code> | ||
+ | S (SYN), | ||
+ | F (FIN), | ||
+ | P (PUSH), | ||
+ | R (RST), | ||
+ | U (URG), | ||
+ | W (ECN CWR), | ||
+ | E (ECN-Echo) | ||
+ | . (ACK) | ||
+ | none if no flags are set... |
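Review bot: the added flag legend is punctuated inconsistently and its lead sentence is ungrammatical. `E (ECN-Echo)` lacks the trailing comma that the entries above it carry, and "that have following meaning" should read "with the following meanings". The hunk as shown also opens `<code>` with no visible closing tag and ends in "...", so check that the tag is closed in the saved revision.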
Revision as of 16:59, 2 January 2019
- tcpdump
  - Trace network traffic; all packets sent are reported to standard output (the terminal).
- -w <filename> -C 10
  - Dump raw data to <filename>; create a new file after 10 million (not 10MB) bytes are written.
- -r <filename> -tttt -X
  - Read packets from <filename>; give absolute time and all data.
- -n port 53 and ip6 and host <address>
  - Do not look up host or port names; select only packets from port 53, IPv6 protocol and the specified host (address).
In the output, flags are reported with the following meanings:
S (SYN),
F (FIN),
P (PUSH),
R (RST),
U (URG),
W (ECN CWR),
E (ECN-Echo),
. (ACK),
none if no flags are set...
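
As an added example (not part of the original wiki page), the shell functions below decode the `Flags [...]` field of tcpdump's text output using the legend above and skip lines that carry no flags field, such as UDP DNS queries. The function names and the sample lines are constructed for illustration and use 2001:db8:: documentation addresses.

```shell
#!/bin/sh
# Added example: decode the "Flags [...]" field of tcpdump text output.

# decode_flags CHARS -> flag names, using the legend listed above
decode_flags() {
    flags=$1
    if [ "$flags" = "none" ]; then echo "none"; return 0; fi
    out=""
    while [ -n "$flags" ]; do
        c=${flags%"${flags#?}"}    # first character
        flags=${flags#?}           # rest of the string
        case $c in
            S) n=SYN ;;  F) n=FIN ;;  P) n=PUSH ;;      R) n=RST ;;
            U) n=URG ;;  W) n=CWR ;;  E) n=ECN-Echo ;;  .) n=ACK ;;
            *) n="unknown($c)" ;;
        esac
        out="${out:+$out }$n"
    done
    echo "$out"
}

# flags_of_line LINE -> the characters inside "Flags [...]", empty if absent
flags_of_line() {
    printf '%s\n' "$1" | sed -n 's/.*Flags \[\([^]]*\)\].*/\1/p'
}

# annotate: read tcpdump lines on stdin, print "chars => names" per TCP packet
annotate() {
    while IFS= read -r line; do
        f=$(flags_of_line "$line")
        if [ -n "$f" ]; then
            printf '%s => %s\n' "$f" "$(decode_flags "$f")"
        fi
    done
}

# Constructed sample (documentation addresses), shaped like `tcpdump -n` output.
sample_capture() {
    cat <<'EOF'
16:59:00.000001 IP6 2001:db8::10.40000 > 2001:db8::53.53: Flags [S], seq 100, win 64800, length 0
16:59:00.000200 IP6 2001:db8::53.53 > 2001:db8::10.40000: Flags [S.], seq 900, ack 101, win 64260, length 0
16:59:00.000300 IP6 2001:db8::10.40000 > 2001:db8::53.53: Flags [.], ack 901, win 507, length 0
16:59:00.000500 IP6 2001:db8::10.41000 > 2001:db8::53.53: 4660+ AAAA? example.com. (29)
16:59:00.000900 IP6 2001:db8::53.53 > 2001:db8::10.40000: Flags [R.], seq 901, ack 101, win 0, length 0
EOF
}

sample_capture | annotate
```

On live traffic the same function can be fed from a pipe, for example the `-n port 53 and ip6 and host <address>` invocation above piped into `annotate`.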