Info: see the sources ¹ ² ³ listed at the end of the page.
tcpdump command-line usage
| Parameter | Description |
|---|---|
| -i | Listen on interface (eth0, en1, 2) |
| -n | Do not resolve addresses to names |
| -r | Read packets from pcap file |
| -w | Write packets to pcap file |
| -s | Change the snapshot length from the default |
| -C | With -w, limit the capture file size, and begin a new file when it is exceeded |
| -W | With -C, limit the number of capture files created, and begin overwriting and rotating when necessary |
| -D | List available adapters (WinDump only) |
Commands
```shell
tcpdump -c count                 # exit after receiving count packets
tcpdump -e                       # print the link-level (Ethernet) header on each line
tcpdump -i interface             # capture on the given interface
tcpdump -n                       # do not resolve addresses to names
tcpdump -p                       # do not put the interface into promiscuous mode
tcpdump -r file                  # read packets from a pcap file instead of the network
tcpdump -s snaplen               # capture snaplen bytes per packet (0 = whole packet)
tcpdump -v, -vv, -vvv            # increasing verbosity of the decoded output
tcpdump -w file                  # write raw packets to a pcap file instead of decoding them
tcpdump -x                       # print each packet in hex
tcpdump -X                       # print each packet in hex and ASCII

# full-length packets to and from one host only
tcpdump -i eth0 -s 0 -w targeted_full_packet_dump.pcap 'host 10.10.10.10'

# full-length packets, rolled over into a new file every 100 MB
tcpdump -i eth0 -s 0 -C 100 -w rolling_split_100MB_dumps.pcap

# packets with the RFC 3514 "evil" bit (high bit of IP header byte 6) set
tcpdump -i eth0 -s 0 -w RFC3514_evil_bits.pcap 'ip[6] & 0x80 != 0'
```
Sources
- ¹ Michael Kofler et al., Hacking & Security - Das umfassende Handbuch, Rheinwerk Computing, 1st edition 2018, pp. 141-143
- ² Helmar Gerloni, Barbara Oberhaitzinger, Helmut Reiser, Jürgen Plate, Praxisbuch Sicherheit für Linux-Server und -Netze, Hanser Verlag, 2004, pp. 76-79
- ³ Sherri Davidoff, Jonathan Ham, Network Forensics, Prentice Hall, Pearson Education, 2012, pp. 62-63