Some tcpdump examples.
Let's assume I want to capture TCP packets that flow over eth1, port 6881. The dump file will be saved as test.pcap.
tcpdump -w test.pcap -i eth1 tcp port 6881
Simple, right? What if at the same time I am interested in getting packets on UDP ports 33210 and 33220? Note that the qualifier (udp port) carries into the parentheses, which must be escaped from the shell.
tcpdump -w test.pcap -i eth1 tcp port 6881 or udp port \( 33210 or 33220 \)
OK, how about reading a pcap that I saved previously?
tcpdump -nnr test.pcap
Adding -tttt makes the timestamp appear in a more readable format.
tcpdump -ttttnnr test.pcap
You also need to tell tcpdump which IP you are interested in: destination IP or source IP? Let's say I want to sniff on destination IP 10.168.28.22, TCP port 22. How should I write that?
tcpdump -w test.pcap dst 10.168.28.22 and tcp port 22
By default tcpdump only saves the first 96 bytes of each packet (the snaplen), so larger packets are truncated in the dump file; you can override that size with -s.
tcpdump -w test.pcap -s 1550 dst 10.168.28.22 and tcp port 22
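As an added example (not from the original post), here is a small Python reader for the classic pcap file that -w writes. It shows two things discussed above: the -tttt style timestamp for each record, and how the 96-byte default snaplen truncates frames until -s is raised. The sample file is constructed inside the script; no real capture is used.

```python
"""Minimal reader for the classic libpcap format tcpdump -w produces (not pcapng).
Added example with constructed sample data, not code from the original post."""
import struct
from datetime import datetime, timezone

PCAP_MAGIC_LE = 0xA1B2C3D4  # microsecond timestamps, little-endian header
PCAP_MAGIC_BE = 0xD4C3B2A1  # same magic written by a big-endian host

def parse_pcap(data: bytes):
    """Return (snaplen, linktype, records). Each record carries a -tttt style
    timestamp (UTC here), the bytes actually stored (caplen) and the original
    on-the-wire length (origlen)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file: magic %#x" % magic)
    # version_major, version_minor, thiszone, sigfigs, snaplen, linktype
    _, _, _, _, snaplen, linktype = struct.unpack_from(end + "HHiIII", data, 4)
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack_from(end + "IIII", data, off)
        off += 16
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError("corrupt record header at offset %d" % (off - 16))
        ts = datetime.fromtimestamp(ts_sec, tz=timezone.utc).replace(microsecond=ts_usec)
        records.append({
            "timestamp": ts.strftime("%Y-%m-%d %H:%M:%S.%f"),  # format -tttt prints
            "caplen": caplen,
            "origlen": origlen,
            "truncated": caplen < origlen,  # snaplen cut this frame short
            "frame": data[off:off + caplen],
        })
        off += caplen
    return snaplen, linktype, records

def build_sample_pcap(snaplen=96):
    """Constructed file with two records: a 60-byte frame that fits and a
    1500-byte frame that the 96-byte default snaplen truncates."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, 1)  # 1 = Ethernet
    frames = [(1700000000, 123456, b"\xaa" * 60), (1700000001, 654321, b"\xbb" * 1500)]
    out = hdr
    for sec, usec, frame in frames:
        stored = frame[:snaplen]  # tcpdump only writes the first snaplen bytes
        out += struct.pack("<IIII", sec, usec, len(stored), len(frame)) + stored
    return out
```

Running parse_pcap(build_sample_pcap()) reports the second record as truncated (caplen 96, origlen 1500), while build_sample_pcap(snaplen=1550) keeps it whole, mirroring the -s 1550 command above.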
Some versions of tcpdump allow you to define a port range. You can write it as below to capture packets based on a range of TCP ports.
tcpdump tcp portrange 20-24
--budiw