This topic contains 0 replies, has 1 voice, and was last updated by Peter Jaffray 2 months, 1 week ago.

  • #193263

    Peter Jaffray
    Keymaster

    Know the tcpdump command if you are going to be debugging any sort of network traffic. It will make you more proficient and faster.
    See Also: Wireshark

    Source: https://danielmiessler.com/study/tcpdump/

    FILTERING BY SOURCE AND DESTINATION
    It’s quite easy to isolate traffic based on either source or destination using src and dst.

    # tcpdump src 2.3.4.5
    # tcpdump dst 3.4.5.6

    FINDING PACKETS BY NETWORK

    To find packets going to or from a particular network, use the net option. You can combine this with the src or dst options as well.

    # tcpdump net 1.2.3.0/24

    SHOW TRAFFIC RELATED TO A SPECIFIC PORT

    You can find specific port traffic by using the port option followed by the port number.

    # tcpdump port 3389
    # tcpdump src port 1025

    SHOW TRAFFIC OF ONE PROTOCOL

    If you’re looking for one particular kind of traffic, you can use tcp, udp, icmp, and many others as well.

    # tcpdump icmp
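
Added example, not part of the original post or of tcpdump itself: a simplified Python model of how the primitives above select packets, including the src/dst plus net combination the post mentions but does not show. The packet records and the matches/select helpers are constructed for illustration and only approximate tcpdump's matching.

```python
import ipaddress
from collections import namedtuple

# Constructed sample packets (not real traffic).
Pkt = namedtuple("Pkt", "proto src sport dst dport")
PACKETS = [
    Pkt("tcp", "2.3.4.5", 1025, "3.4.5.6", 3389),    # 0: client to RDP port
    Pkt("tcp", "3.4.5.6", 3389, "2.3.4.5", 1025),    # 1: the reply
    Pkt("udp", "1.2.3.77", 53, "2.3.4.5", 40000),    # 2: from inside 1.2.3.0/24
    Pkt("icmp", "9.9.9.9", None, "1.2.3.10", None),  # 3: ICMP has no ports
]
PROTOS = {"tcp", "udp", "icmp"}

def matches(pkt, expr):
    """Evaluate one primitive: a protocol name, or [src|dst] [host|net|port] VALUE."""
    words = expr.split()
    if len(words) == 1 and words[0] in PROTOS:
        return pkt.proto == words[0]
    # No direction keyword means "either side", as with plain `net` or `port`.
    direction = words.pop(0) if words[0] in ("src", "dst") else None
    kind = words.pop(0) if words[0] in ("host", "net", "port") else "host"
    value = words[0]
    sides = {"src": [(pkt.src, pkt.sport)], "dst": [(pkt.dst, pkt.dport)]}
    candidates = sides[direction] if direction else sides["src"] + sides["dst"]
    if kind == "port":
        return any(port == int(value) for _, port in candidates)
    network = ipaddress.ip_network(value)  # a bare address is treated as a /32
    return any(ipaddress.ip_address(addr) in network for addr, _ in candidates)

def select(expr):
    """Indexes of the constructed packets that the primitive would select."""
    return [i for i, pkt in enumerate(PACKETS) if matches(pkt, expr)]

if __name__ == "__main__":
    for expr in ("src 2.3.4.5", "dst 3.4.5.6", "net 1.2.3.0/24",
                 "src net 1.2.3.0/24", "dst net 1.2.3.0/24",
                 "port 3389", "src port 1025", "icmp"):
        print(f"{expr:20} -> packets {select(expr)}")
```

Without a direction keyword, net and port match on either side of the packet, which is why "port 3389" selects both the request and the reply while "src port 1025" selects only the request.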
