

This article is part two in a series covering the great tcpdump utility. You can use this utility to capture network traffic for troubleshooting and analysis (and eavesdropping). Here in part two, I demonstrate capturing and viewing data.

If you made it this far and wrote a pcap file, you know you can't use a simple text editor to read the file contents. tcpdump reads existing capture files and prints them as output:

Reading from file dns.pcap, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144

If you want to filter traffic for a particular host, you can use "host ip" or "host name" to capture packets for a specific host.

Tcpdump: verbose output suppressed, use -v

You may use the src or dst keywords to tell tcpdump whether the captured packets should contain the host in the source or the destination address, e.g., you can try to run tcpdump -i any src host localhost or tcpdump -i any dst host 9. tcpdump supports and/or/not operators as keywords, e.g., tcpdump -i eth0 "host and (port 80 or port 443)". It is wise to use quotes around compound expressions so that bash doesn't try to interpret the parentheses.
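As an added example, not code from the article: a small Python parser for the classic libpcap file format, showing why the file is binary rather than text. It reads the 24-byte global header (magic number and byte order, snapshot length, link-type) and the 16-byte per-packet record headers, and reproduces tcpdump's "Reading from file ..." banner. The sample file bytes are constructed inline, and the link-type names are an assumed subset of the libpcap registry.

```python
import struct

MAGIC_USEC = 0xA1B2C3D4          # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D          # timestamps in nanoseconds
# Link-type numbers from the libpcap registry (assumed subset, only the ones used here).
LINKTYPES = {1: "EN10MB (Ethernet)", 113: "LINUX_SLL (Linux cooked v1)",
             276: "LINUX_SLL2 (Linux cooked v2)"}

def parse_pcap(data: bytes) -> dict:
    """Parse a classic libpcap file: a 24-byte global header followed by
    records that each carry a 16-byte header. Returns header fields and records."""
    if len(data) < 24:
        raise ValueError("too short to be a pcap file")
    # The magic number also tells us the byte order the writer used.
    if struct.unpack("<I", data[:4])[0] in (MAGIC_USEC, MAGIC_NSEC):
        endian = "<"
    elif struct.unpack(">I", data[:4])[0] in (MAGIC_USEC, MAGIC_NSEC):
        endian = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    magic, vmaj, vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # caplen may be smaller than the on-wire length (snapshot truncation),
        # but never larger than snaplen or than what is left in the file.
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError(f"truncated or corrupt record at offset {off - 16}")
        records.append({"ts": (ts_sec, ts_frac), "caplen": incl_len,
                        "len": orig_len, "bytes": data[off:off + incl_len]})
        off += incl_len
    return {"version": (vmaj, vmin), "nanosecond": magic == MAGIC_NSEC,
            "snaplen": snaplen, "linktype": linktype, "records": records}

def describe(name: str, pcap: dict) -> str:
    """Mimic tcpdump's 'Reading from file ...' banner for a parsed capture."""
    lt = LINKTYPES.get(pcap["linktype"], f"unknown ({pcap['linktype']})")
    return (f"Reading from file {name}, link-type {lt}, "
            f"snapshot length {pcap['snaplen']}")

# Constructed sample: little-endian file, LINUX_SLL2, snaplen 262144, two short records
# (the second one was truncated at capture time: 3 bytes kept of a 60-byte packet).
SAMPLE = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 262144, 276)
SAMPLE += struct.pack("<IIII", 1700000000, 1234, 4, 4) + b"\xde\xad\xbe\xef"
SAMPLE += struct.pack("<IIII", 1700000001, 5678, 3, 60) + b"\x01\x02\x03"

if __name__ == "__main__":
    print(describe("dns.pcap", parse_pcap(SAMPLE)))
```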
