Tcpdump

dump the traffic on a network

Install

#Arch/Manjaro
sudo pacman -S tcpdump
#CentOS
sudo yum install tcpdump
#Ubuntu
sudo apt install tcpdump

Parameters

-A: Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.

-c count : Exit after receiving count packets

-D: Print the list of network interfaces available on the system; the number (or the name) shown can be passed to -i

-n: Don't convert addresses (host addresses, port numbers, etc.) to names. Avoids reverse-DNS lookups, which slow the capture and leak the captured addresses to the resolver

-N: Don't print domain name qualification of host names.

-q: Quick output. Print less protocol information so output lines are shorter.

-w file.pcap: Write the raw packets to file.pcap instead of printing them; read the file back later with -r file.pcap

Usage

  1. Packets passing through [eth] whose source or destination is [ip]

    tcpdump -i [eth] -n host [ip]
    
  2. Only packets where [ip] is the source (src) or the destination (dst)

    tcpdump -i [eth] [src|dst] host [ip]
    
  3. Traffic between host [h1] and host [h2] or [h3] (quote the filter so the shell does not interpret the parentheses)

    tcpdump 'host [h1] and ([h2] or [h3])'
    
  4. Traffic between host [h1] and every host except [h2] (`not` is equivalent to `!` in the filter syntax and avoids shell history expansion)

    tcpdump 'host [h1] and not [h2]'
    
  5. Packets of one protocol

    tcpdump [arp|ip|tcp|udp|icmp]
    
  6. Traffic on port [port], in either direction (use src port / dst port for one direction)

    tcpdump -i [eth] port [port]
    
  7. Only SYN packets. tcp[tcpflags] is byte 13 of the TCP header, and "= tcp-syn" matches only packets in which SYN is the only flag set: SYN-ACKs are excluded, but so are SYNs that also carry the ECE/CWR bits of an ECN setup. To match every SYN that is not a SYN-ACK, use the mask form tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn

    tcpdump -i [eth] 'tcp[tcpflags]=tcp-syn'
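
The filter in item 7 is easy to get subtly wrong, and the difference only shows up on real traffic. The script below is an added example (not part of the original post and not tcpdump's own code): it builds a small constructed pcap in the classic microsecond format that `tcpdump -w` produces, with a three-way handshake, a SYN carrying ECN bits and a UDP datagram, then reproduces both SYN filters in pure Python by reading `tcp[13]` the way BPF does. It assumes an Ethernet link type, IPv4 without VLAN tags and the classic (not pcapng, not nanosecond) pcap header; the addresses and ports are made up.

```python
"""Reproduce `tcp[tcpflags] = tcp-syn` and `tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn`
over a pcap file, to show which SYNs each form matches (added example, not from tcpdump)."""
import struct

# tcpdump's symbolic flag names map to bits of TCP header byte 13, i.e. tcp[13].
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK, TCP_URG, TCP_ECE, TCP_CWR = (
    0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80)


def _frame(proto, flags=0, src="10.0.0.1", dst="10.0.0.2", sport=40000, dport=80):
    """Build a minimal Ethernet/IPv4/TCP (proto 6) or UDP (proto 17) frame.
    Checksums are left zero; BPF filters never verify them. Constructed data."""
    eth = b"\x00" * 12 + b"\x08\x00"                      # dummy MACs, EtherType IPv4
    ip_len = 20 + (20 if proto == 6 else 8)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    if proto == 6:
        # data offset 5 (20-byte header); the flags byte lands at tcp[13]
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    return eth + ip + l4


def make_sample_pcap():
    """Constructed sample capture (not real traffic): handshake, ECN SYN, one UDP packet."""
    frames = [
        _frame(6, TCP_SYN),                                               # 0: client SYN
        _frame(6, TCP_SYN | TCP_ACK, src="10.0.0.2", dst="10.0.0.1",
               sport=80, dport=40000),                                    # 1: SYN-ACK
        _frame(6, TCP_ACK),                                               # 2: handshake ACK
        _frame(6, TCP_SYN | TCP_ECE | TCP_CWR),                           # 3: SYN with ECN setup
        _frame(17, dport=53),                                             # 4: UDP, ignored by tcp filters
    ]
    # classic pcap global header: magic, 2.4, tz offset, sigfigs, snaplen, DLT_EN10MB
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(f), len(f)) + f
    return out


def tcp_flags(pcap_bytes):
    """Yield (record_index, tcp[13]) for every TCP packet in a classic pcap.
    Assumes Ethernet link type and untagged IPv4; pcapng is not handled."""
    magic = struct.unpack("<I", pcap_bytes[:4])[0]
    endian = "<" if magic == 0xA1B2C3D4 else ">"   # byte order of the record headers
    pos, idx = 24, 0
    while pos + 16 <= len(pcap_bytes):
        incl = struct.unpack(endian + "IIII", pcap_bytes[pos:pos + 16])[2]
        pkt = pcap_bytes[pos + 16:pos + 16 + incl]
        pos += 16 + incl
        if len(pkt) >= 34 and pkt[12:14] == b"\x08\x00" and pkt[23] == 6:
            ihl = (pkt[14] & 0x0F) * 4                 # IPv4 header length in bytes
            if len(pkt) >= 14 + ihl + 14:
                yield idx, pkt[14 + ihl + 13]          # tcp[13] == tcp[tcpflags]
        idx += 1


def syn_exact(pcap_bytes):
    """tcpdump 'tcp[tcpflags] = tcp-syn': SYN must be the only bit set."""
    return [i for i, f in tcp_flags(pcap_bytes) if f == TCP_SYN]


def syn_without_ack(pcap_bytes):
    """tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-ack) = tcp-syn': every SYN that is
    not a SYN-ACK, including SYNs that also carry ECE/CWR."""
    return [i for i, f in tcp_flags(pcap_bytes)
            if f & (TCP_SYN | TCP_ACK) == TCP_SYN]


if __name__ == "__main__":
    data = make_sample_pcap()          # or: open("file.pcap", "rb").read() from tcpdump -w
    print("exact SYN   :", syn_exact(data))        # [0]
    print("SYN, no ACK :", syn_without_ack(data))  # [0, 3]
```

On the constructed capture the exact form reports only record 0, while the masked form also reports record 3, the SYN with ECN bits; on a real `-w` capture from a host that negotiates ECN, the exact form silently drops those connection attempts. Keep the `-n` flag when post-processing this way so the addresses in the pcap are what was on the wire rather than resolved names.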
    

Original article: https://www.cnblogs.com/QQ-1615160629/p/10958075.html