tcpdump

How to take a packet trace using tcpdump

Common options to use are
-D : Lists the available interfaces.
-i : Listen on the specified interface. Use tcpdump -D, ip a, or ifconfig to get the available interfaces, or use -i any to capture on all of them (note that -i any records a Linux "cooked" pseudo-header instead of the raw Ethernet header).
-n : Use numbers, don't resolve hostnames. Resolving names also sends DNS queries from the capture host, which you usually don't want during an investigation.
-nn : Don't resolve hostnames or port names.
-v, -vv, -vvv : Increase the amount of packet information you get back.
-c : Capture x number of packets and then exit, for example tcpdump -c 50.
-s : Set the snapshot length (snaplen), the number of bytes of each packet that are kept. Older tcpdump versions defaulted to 68 bytes, which cuts most packets off just after the headers; current versions default to 262144 bytes. Use -s0 (full packets) unless you know what snapshot length you want.
-q : Show less protocol information.
-E : Decrypt IPsec ESP traffic by providing the SPI, peer address, algorithm and key (spi@ipaddr algo:secret).
-w : Write the raw packets to a file instead of printing them, so they can be analysed later.
-r : Read packets from a file written with -w instead of capturing live (note the lowercase r; -R is a different option).
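
The snaplen caveat above is easy to miss until the capture is already taken: a file written with -w under a small -s looks fine in the packet list but the payloads are gone. The following is an added example, not code from the original post, that parses a classic pcap file (the format -w produces) and reports which packets were stored with fewer bytes than were on the wire. The build_pcap writer and the SAMPLE_FRAMES traffic are constructed here only so the example runs offline; point parse_pcap at the bytes of a real tcpdump -w file to check it the same way.

```python
"""Check a tcpdump -w capture for packets cut short by the snaplen (-s).

The pcap reader is the point of the example; build_pcap and SAMPLE_FRAMES are
constructed here so it runs without a real capture file.
"""
import struct
from typing import List, NamedTuple

# pcap global-header magic values; tcpdump writes microsecond timestamps.
MAGIC_USEC = 0xA1B2C3D4
MAGIC_NSEC = 0xA1B23C4D

# Link types a tcpdump capture commonly carries (libpcap LINKTYPE registry).
LINKTYPES = {
    1: "Ethernet",
    113: "Linux cooked v1 (older tcpdump -i any)",
    276: "Linux cooked v2 (tcpdump -i any with libpcap >= 1.10)",
}


class Packet(NamedTuple):
    ts: float
    caplen: int   # bytes actually stored in the file (incl_len)
    origlen: int  # bytes that were on the wire (orig_len)
    data: bytes


class Capture(NamedTuple):
    snaplen: int
    linktype: int
    packets: List[Packet]


def parse_pcap(blob: bytes) -> Capture:
    """Parse a classic (non-pcapng) pcap file held in memory."""
    if len(blob) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", blob[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (magic %s)" % blob[:4].hex())
    frac_div = 1e6 if magic == MAGIC_USEC else 1e9
    # version major/minor, timezone, sigfigs, snaplen, link type
    _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", blob[4:24])
    packets = []
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_frac, caplen, origlen = struct.unpack(
            endian + "IIII", blob[off:off + 16])
        off += 16
        data = blob[off:off + caplen]
        if len(data) != caplen:
            raise ValueError("truncated record at offset %d" % off)
        off += caplen
        packets.append(Packet(ts_sec + ts_frac / frac_div, caplen, origlen, data))
    return Capture(snaplen, linktype, packets)


def truncated_packets(cap: Capture) -> List[int]:
    """Indexes of packets whose stored bytes are fewer than their wire length."""
    return [i for i, p in enumerate(cap.packets) if p.caplen < p.origlen]


def build_pcap(snaplen: int, frames: List[bytes], linktype: int = 1) -> bytes:
    """Constructed writer: store each frame the way tcpdump -s <snaplen> would."""
    out = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, snaplen, linktype)
    for i, frame in enumerate(frames):
        stored = frame[:snaplen]  # tcpdump keeps only the first snaplen bytes
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(stored), len(frame))
        out += stored
    return out


# Constructed sample traffic: a minimal 60-byte frame and a full-size 1514-byte frame.
SAMPLE_FRAMES = [b"\x00" * 60, b"\x11" * 1514]

if __name__ == "__main__":
    for snaplen in (68, 262144):  # old default versus current default / -s0
        cap = parse_pcap(build_pcap(snaplen, SAMPLE_FRAMES))
        cut = truncated_packets(cap)
        print("snaplen %d, link type %s: %d of %d packets truncated %s" % (
            cap.snaplen, LINKTYPES.get(cap.linktype, str(cap.linktype)),
            len(cut), len(cap.packets), cut))
```

With the 68-byte snaplen the 1514-byte frame is stored as 68 bytes, so the second packet is reported as truncated; with the current default (or -s0) nothing is lost. The same check, run over a real capture file before it is handed to an analyst, tells you whether the file holds full packets or only headers.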

tcpdump filter syntax: each primitive is built as [protocol] [direction] [type] value (for example tcp src port 445, or dst host 192.168.100.2), and primitives are joined with the logical operators and, or and not. Hosts and ports need their type keyword (host, net, port); a bare address after src or dst is not accepted:
tcpdump tcp and src host 192.168.100.10 and src port 445 and dst host 192.168.100.2

Start by listing interfaces that are available:
tcpdump -D…
