Solved

TCPDump Examples

Posted on 2014-03-25
Last Modified: 2014-03-31
Heyas,

I can't seem to find a decent example of how to use tcpdump with the following parameters.

tcpdump [ipaddress] [interface] [port]

Any assistance is welcome.

Thank you.
Question by:Zack
9 Comments
 
LVL 48

Accepted Solution

by:
Tintin earned 275 total points
ID: 39955225
    tcpdump -i eth0 port 80 src 10.1.1.1
 
LVL 19

Expert Comment

by:simon3270
ID: 39955508
On RedHat I need

     tcpdump -i eth0 port 80 and src 10.1.1.1
 
LVL 19

Expert Comment

by:simon3270
ID: 39955594
You can make more complex statements too:

    tcpdump -i eth0 port 80 and \( src 10.10.10.101 or dst 10.10.10.102 \)
 

Author Closing Comment

by:Zack
ID: 39964716
Thank you for the info.
LVL 19

Expert Comment

by:simon3270
ID: 39964897
Just out of interest, which OS are you doing this on?

Thanks,
Simon
 

Author Comment

by:Zack
ID: 39965509
Knoppix
 
LVL 19

Expert Comment

by:simon3270
ID: 39966480
I think you may have accepted the wrong answer.  On Knoppix 7.2:

    knoppix@Microknoppix:~$ sudo tcpdump -i eth0 port 80 src 10.1.1.1
    tcpdump: syntax error
    knoppix@Microknoppix:~$ sudo tcpdump -i eth0 port 80 and src 10.1.1.1
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

It needs the "and".
 

Author Comment

by:Zack
ID: 39966700
It worked on the system I was on at the time; I was remotely logged into a Knoppix machine via SSH.
 
LVL 19

Expert Comment

by:simon3270
ID: 39966718
OK, no problem.
0
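
For scripts that assemble the command from the three parameters in the question, here is an added example (not code from any poster in this thread) that validates each value and joins the primitives with an explicit `and`, the form the Knoppix 7.2 session above shows being accepted. The function names are hypothetical, and it assumes IPv4 addresses and a POSIX shell.

```sh
#!/bin/sh
# Added example (not from the thread): build the thread's capture command from
# an address, interface and port, rejecting values that would alter the filter.

valid_ipv4() {                      # dotted quad, each octet 0-255
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

valid_port() {                      # decimal 1-65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_iface() {                     # e.g. eth0; must not look like an option
    case "$1" in ''|-*|*[!A-Za-z0-9_.:-]*) return 1 ;; esac
}

# Usage: build_capture_cmd IP IFACE PORT [src|dst|host]
# Prints the command with the primitives joined by an explicit "and";
# returns 2 if any argument fails validation.
build_capture_cmd() {
    ip=$1 iface=$2 port=$3 dir=${4:-src}
    valid_ipv4 "$ip" && valid_iface "$iface" && valid_port "$port" || return 2
    case "$dir" in src|dst|host) ;; *) return 2 ;; esac
    printf 'tcpdump -i %s port %s and %s %s\n' "$iface" "$port" "$dir" "$ip"
}

# Optional check of a filter expression: -d makes tcpdump print the compiled
# filter and exit instead of capturing. Returns 3 if tcpdump is not installed;
# any error message from tcpdump is left visible on stderr.
filter_compiles() {
    command -v tcpdump >/dev/null 2>&1 || return 3
    tcpdump -d "$@" >/dev/null
}

# Constructed sample values, taken from the commands quoted in the thread.
build_capture_cmd 10.1.1.1 eth0 80
build_capture_cmd 10.10.10.102 eth0 80 dst
```

To test an expression before capturing, call it as `filter_compiles port 80 and src 10.1.1.1`.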
