Difference between revisions of "Tcpdump"
Line 1: | Line 1: | ||
+ | [[Category:Networking]] | ||
+ | |||
;tcpdump | ;tcpdump | ||
:Trace network traffic, all packets send are reported to standard output (terminal). | :Trace network traffic, all packets send are reported to standard output (terminal). | ||
Line 7: | Line 9: | ||
:::Read packets from <filename>, give absolute time and all data | :::Read packets from <filename>, give absolute time and all data | ||
;:-n port 53 and ip6 and host <address> | ;:-n port 53 and ip6 and host <address> | ||
− | ::: | + | :::Do not lookup host or port-names, select only packets from port 53, IPv6 protocol and specified host(address) |
In the output Flags are reported that have following meaning: | In the output Flags are reported that have following meaning: | ||
− | + | S (SYN) | |
− | S | + | F (FIN) |
− | F | + | P (PUSH) |
− | P (PUSH) | + | R (RST), |
− | R (RST), | + | U (URG), |
− | U (URG), | + | W (ECN CWR), |
− | W (ECN CWR), | + | E (ECN-Echo) |
− | E (ECN-Echo) | + | . (ACK) |
− | . (ACK) | + | none if no flags are set... |
− | none if no flags are set... |
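Review bot: The new description for "-n port 53 and ip6 and host <address>" says "select only packets from port 53", but the "port 53" primitive matches packets whose source or destination port is 53, and "host <address>" likewise matches either direction; suggest "to or from port 53" and "to or from the specified host". In the reformatted flags list, R (RST), U (URG) and W (ECN CWR) keep a trailing comma while the other entries have none; drop the commas for consistency.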
Latest revision as of 14:23, 9 October 2020
- tcpdump
  - Trace network traffic; all packets sent are reported to standard output (terminal).
- -w <filename> -C 10
  - Dump raw data to <filename>, create a new file after 10 million (not 10MB) bytes are written
- -r <filename> -tttt -X
  - Read packets from <filename>, give absolute time and all data
- -n port 53 and ip6 and host <address>
  - Do not look up host or port names, select only packets from port 53, IPv6 protocol and specified host (address)
In the output, flags are reported that have the following meaning:
- S (SYN)
- F (FIN)
- P (PUSH)
- R (RST)
- U (URG)
- W (ECN CWR)
- E (ECN-Echo)
- . (ACK)
- none if no flags are set
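The flag letters above can be decoded mechanically when reviewing saved tcpdump text output. The following is an added example, not part of the original wiki page: it parses the "Flags [...]" field and counts flag combinations; the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Flag letters as listed on this page, mapped to the TCP flag they stand for.
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PUSH", "R": "RST",
              "U": "URG", "W": "ECN CWR", "E": "ECN-Echo", ".": "ACK"}

# Matches "IP <src> > <dst>: Flags [...]" (or IP6) in tcpdump text output.
FLAGS_RE = re.compile(r"\bIP6? (\S+) > (\S+): Flags \[([^\]]*)\]")

def decode_flags(field):
    """Turn the text inside 'Flags [...]' into a list of flag names."""
    if field == "none":          # printed when no flag bit is set
        return []
    if not set(field) <= set(FLAG_NAMES):
        raise ValueError(f"unexpected flag letters in {field!r}")
    return [FLAG_NAMES[c] for c in field]

def parse_line(line):
    """Return (src, dst, flag names) for a TCP line, None for anything else."""
    m = FLAGS_RE.search(line)
    if m is None:
        return None              # e.g. UDP DNS lines have no Flags field
    src, dst, field = m.groups()
    return src, dst, decode_flags(field)

def count_flag_sets(lines):
    """Count how often each flag combination occurs, e.g. 'SYN+ACK'."""
    counts = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is not None:
            counts["+".join(parsed[2]) or "none"] += 1
    return counts

# Constructed sample output (not a real capture), in `-tttt -n` style.
SAMPLE = """\
2020-10-09 14:23:01.000001 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [S], seq 100, win 64240, length 0
2020-10-09 14:23:01.000450 IP 198.51.100.5.443 > 192.0.2.10.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
2020-10-09 14:23:01.000500 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [.], ack 1, win 502, length 0
2020-10-09 14:23:01.000900 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
2020-10-09 14:23:02.100000 IP6 2001:db8::10.51600 > 2001:db8::5.443: Flags [F.], seq 10, ack 20, win 502, length 0
2020-10-09 14:23:02.200000 IP 192.0.2.10.40112 > 198.51.100.5.53: 4242+ A? example.com. (29)
2020-10-09 14:23:03.000000 IP 198.51.100.5.443 > 192.0.2.10.51514: Flags [R], seq 901, win 0, length 0
""".splitlines()

if __name__ == "__main__":
    for combo, n in count_flag_sets(SAMPLE).most_common():
        print(f"{n:3d}  {combo}")
```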