Using tcpdump
tcpdump examples
see traffic on the interface:
tcpdump -i eth0
see traffic on one host:
tcpdump host 192.168.1.1
see traffic on a port (source, destination, or either):
tcpdump src port 80
tcpdump dst port 80
tcpdump port 80
see IP traffic on the host:
tcpdump ip host 192.168.1.1
see IP traffic on the net:
tcpdump ip net 192.168.1.0/24
see ARP traffic on the host:
tcpdump arp host 192.168.1.1
see RARP traffic on the host:
tcpdump rarp host 192.168.1.1
see traffic, except the host unixserver:
tcpdump not host unixserver
see traffic on serverone or servertwo:
tcpdump host serverone or host servertwo
view the contents of packets on interface eth0 for host cnn.com:
tcpdump -X -i eth0 host cnn.com
spy on ICQ numbers and passwords:
tcpdump -X -i eth0 port aol
view the contents of packets on interface eth0 for host cnn.com, capturing up to 1500 bytes of each packet and not resolving IP addresses to hostnames:
tcpdump -X -s 1500 -n -i eth0 host cnn.com
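combining the port, host, or and not primitives above into one filter (an added example, not part of the original page; the function names are hypothetical, the host names are the page's samples). In tcpdump filters "not" binds tightest while "and" and "or" have equal precedence and associate left to right, so "port 80 and host serverone or host servertwo" would match all servertwo traffic on any port; the parentheses prevent that:

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical;
# serverone, servertwo and unixserver are the page's sample host names.

# or_hosts HOST...  ->  "(host A or host B ...)"
# The parentheses keep the alternatives together when joined with "and".
or_hosts() {
    group=""
    for h in "$@"; do
        if [ -z "$group" ]; then
            group="host $h"
        else
            group="$group or host $h"
        fi
    done
    printf '(%s)' "$group"
}

# build_filter PORT EXCLUDED_HOST HOST...
# Traffic on PORT involving any HOST, never involving EXCLUDED_HOST.
build_filter() {
    if [ "$#" -lt 3 ]; then
        echo "usage: build_filter PORT EXCLUDED_HOST HOST..." >&2
        return 1
    fi
    port=$1
    excluded=$2
    shift 2
    printf 'port %s and %s and not host %s' "$port" "$(or_hosts "$@")" "$excluded"
}

# print_command IFACE FILTER
# Single quotes pass the filter to tcpdump as one argument, so the shell does
# not try to interpret the parentheses itself.
print_command() {
    printf "tcpdump -n -i %s '%s'\n" "$1" "$2"
}

# Show the finished command line (capturing normally requires root).
print_command eth0 "$(build_filter 80 unixserver serverone servertwo)"
```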