Tcpdump howto

From thelinuxwiki
Revision as of 16:42, 12 April 2013 by Nighthawk (Talk | contribs)


Changing the packet size in the capture file:

By default, when capturing packets into a file, tcpdump saves only the first 68 bytes of each packet. The -s command line switch sets the snapshot length, i.e. how many bytes of each packet to save. Specifying 0 as the snapshot length tells tcpdump to save the whole packet, so that application payload is not truncated in the file.

example: tcpdump -w file.cap -s 0


UNIX tcpdump 3.9.4 (FreeBSD, IPSO)


Showing link-level headers (MAC addresses)

 tcpdump -e -i ethxxx

The -e switch prints the link-level header on each line, i.e. the source and destination MAC addresses; replace ethxxx with the name of the interface to listen on.


Filtering for specific sources and destinations

 tcpdump -nnei eth1-01 '((host 192.168.1.1 and host 172.16.0.1) or (host 10.0.0.1 and host 172.16.0.1))'

-nn disables host and port name resolution, -e prints the link-level header and -i eth1-01 selects the interface. The filter expression captures only traffic between 192.168.1.1 and 172.16.0.1 or between 10.0.0.1 and 172.16.0.1; the single quotes keep the shell from interpreting the parentheses.
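When the list of host pairs to watch grows, building the filter by hand gets error-prone. The following shell script is an added example, not part of the original wiki page: it assembles a filter of the same shape as above from "hostA,hostB" arguments, rejects malformed pairs before tcpdump sees them, and prints the full capture command combining the -nn, -e, -s 0 and -w switches described on this page. The interface name eth1-01 and the output file name file.cap are placeholders taken from the examples above.

```shell
#!/bin/sh
# Build a tcpdump filter of the form
#   (host A and host B) or (host C and host D) ...
# from arguments written as "hostA,hostB".
host_pair_filter() {
    filter=""
    for pair in "$@"; do
        a=${pair%%,*}
        b=${pair#*,}
        # Reject pairs without a comma or with an empty half early,
        # instead of letting tcpdump fail with a filter parse error.
        if [ "$a" = "$pair" ] || [ -z "$a" ] || [ -z "$b" ]; then
            echo "bad host pair: $pair" >&2
            return 1
        fi
        term="(host $a and host $b)"
        if [ -z "$filter" ]; then
            filter=$term
        else
            filter="$filter or $term"
        fi
    done
    printf '%s\n' "$filter"
}

# Assemble the full command line: -nn (no name or port lookups),
# -e (link-level headers), -s 0 (whole packets), -w (write to a file).
# The command is only printed, not executed; run it as root when ready.
build_capture_cmd() {
    iface=$1
    outfile=$2
    shift 2
    filter=$(host_pair_filter "$@") || return 1
    printf "tcpdump -nne -i %s -s 0 -w %s '%s'\n" "$iface" "$outfile" "$filter"
}

# Placeholder interface and file name; host pairs from the example above.
build_capture_cmd eth1-01 file.cap 192.168.1.1,172.16.0.1 10.0.0.1,172.16.0.1
```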