Let's check some more interesting options using tcpdump.
Host
# tcpdump host 192.168.1.22
look for traffic based on IP address (also works with a hostname if you're not using -n); the host option matches packets where that address is either the source or the destination.
src, dst
# tcpdump src 192.168.1.22
# tcpdump dst 192.168.1.22
find traffic from only a source or destination (eliminates one side of a host conversation)
net
# tcpdump net 192.186.0.0/24
capture an entire network using CIDR notation
proto
# tcpdump icmp
works for tcp, udp, and icmp protocols.
port
# tcpdump port 3389
see only traffic to or from a certain port
src/dst, port, protocol
# tcpdump src port 1025 and tcp
# tcpdump udp and src port 53
combine all three options. You also have the option to filter by a range of ports instead of declaring them individually.
Port Ranges
# tcpdump portrange 21-23
see traffic to any port in a range.
Packet Size Filter
# tcpdump less 32
# tcpdump greater 128
only see packets below or above a certain size (in bytes)
# tcpdump 'len > 32'
# tcpdump 'len <= 12'
we can use the len keyword with a comparison symbol instead of less / greater (less N is the same as len <= N, greater N is the same as len >= N). Quote the expression: an unquoted > or < is taken by the shell as a redirection, not passed to tcpdump.
Grouping
# tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'
Traffic that's from 10.0.2.4 AND destined for ports 3389 or 22
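To make the matching rules above concrete, here is an added example (not tcpdump or libpcap code, and not from the original post) that evaluates the same filter primitives over a handful of constructed packet records: host matches either endpoint while src/dst pick one side, net uses CIDR membership, port and portrange look at both ports, less/greater compare the packet length inclusively, and a bare value after or/and (the 22 in "dst port 3389 or 22") inherits the previous qualifier. The Packet dataclass, the PACKETS list and the parser are all assumptions of this example.

```python
"""Toy evaluator for a subset of tcpdump/BPF filter syntax over constructed packets.
Added example: it models the matching rules; it is not tcpdump or libpcap code."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class Packet:
    proto: str             # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int]   # None for protocols without ports (icmp)
    dport: Optional[int]
    length: int            # on-the-wire length in bytes


# Constructed sample packets (no real capture behind them)
PACKETS = [
    Packet("tcp", "10.0.2.4", "192.168.1.22", 51000, 3389, 120),
    Packet("tcp", "10.0.2.4", "192.168.1.22", 51001, 22, 64),
    Packet("udp", "192.168.1.22", "10.0.2.4", 53, 40123, 200),
    Packet("icmp", "192.186.0.7", "10.0.2.4", None, None, 28),
    Packet("tcp", "192.168.1.22", "10.0.2.4", 3389, 51000, 1400),
]

Matcher = Callable[[Packet], bool]
LEN_OPS = {">": lambda a, b: a > b, ">=": lambda a, b: a >= b, "<": lambda a, b: a < b,
           "<=": lambda a, b: a <= b, "=": lambda a, b: a == b, "!=": lambda a, b: a != b}


class FilterParser:
    """Recursive descent: expr = term ('or' term)*, term = factor ('and' factor)*,
    factor = 'not' factor | '(' expr ')' | primitive."""
    def __init__(self, expr: str):
        self.toks = re.findall(r"\(|\)|[^\s()]+", expr)
        self.pos = 0
        self.last = (None, "host")   # (direction, kind) that a bare value inherits

    def peek(self): return self.toks[self.pos] if self.pos < len(self.toks) else None
    def take(self): tok = self.peek(); self.pos += 1; return tok

    def parse(self) -> Matcher:
        m = self.expr()
        if self.peek() is not None:
            raise ValueError(f"unexpected token {self.peek()!r}")
        return m

    def expr(self):
        m = self.term()
        while self.peek() == "or":
            self.take(); r = self.term(); m = (lambda l, r: lambda p: l(p) or r(p))(m, r)
        return m

    def term(self):
        m = self.factor()
        while self.peek() == "and":
            self.take(); r = self.factor(); m = (lambda l, r: lambda p: l(p) and r(p))(m, r)
        return m

    def factor(self):
        tok = self.peek()
        if tok == "not":
            self.take(); inner = self.factor(); return lambda p: not inner(p)
        if tok == "(":
            self.take(); inner = self.expr()
            if self.take() != ")": raise ValueError("missing ')'")
            return inner
        return self.primitive()

    def primitive(self):
        tok = self.take()
        if tok in ("tcp", "udp", "icmp"):
            return lambda p, proto=tok: p.proto == proto
        if tok in ("less", "greater"):          # less N == len <= N, greater N == len >= N
            n = int(self.take()); op = LEN_OPS["<=" if tok == "less" else ">="]
            return lambda p: op(p.length, n)
        if tok == "len":                        # len <op> N
            op = LEN_OPS[self.take()]; n = int(self.take())
            return lambda p: op(p.length, n)
        direction, kind = None, None
        if tok in ("src", "dst"):
            direction = tok; tok = self.take()
        if tok in ("host", "net", "port", "portrange"):
            kind = tok; value = self.take()
        else:                                   # bare value: "src 10.0.2.4", "... or 22"
            value = tok
            direction, kind = self.last if direction is None else (direction, "host")
        self.last = (direction, kind)
        return self.qualified(direction, kind, value)

    @staticmethod
    def qualified(direction, kind, value) -> Matcher:
        if kind == "host":
            target = ipaddress.ip_address(value); test = lambda a: ipaddress.ip_address(a) == target
            pick = lambda p: (p.src, p.dst)
        elif kind == "net":
            net = ipaddress.ip_network(value, strict=False); test = lambda a: ipaddress.ip_address(a) in net
            pick = lambda p: (p.src, p.dst)
        elif kind == "port":
            n = int(value); test = lambda x: x == n; pick = lambda p: (p.sport, p.dport)
        else:                                   # portrange lo-hi, inclusive
            lo, hi = (int(v) for v in value.split("-"))
            test = lambda x: x is not None and lo <= x <= hi; pick = lambda p: (p.sport, p.dport)

        def match(p):
            s, d = pick(p)
            if direction == "src": return test(s)
            if direction == "dst": return test(d)
            return test(s) or test(d)           # no direction: either side matches
        return match


def compile_filter(expr: str) -> Matcher:
    return FilterParser(expr).parse()


def filter_packets(expr: str, packets=PACKETS):
    """Return the sample packets the filter expression lets through."""
    m = compile_filter(expr)
    return [p for p in packets if m(p)]


if __name__ == "__main__":
    for f in ("host 192.168.1.22", "net 192.186.0.0/24", "udp and src port 53",
              "len > 32", "src 10.0.2.4 and (dst port 3389 or 22)"):
        print(f"{f:42} -> {len(filter_packets(f))} packet(s)")
```

When typing the real thing, wrap any expression containing parentheses or comparison symbols in single quotes, as the grouping example on this page does; otherwise the shell consumes them before tcpdump sees the filter.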