79890174ab2d76979c4e245cd6565bd503c36461
Home.md
| ... | ... | @@ -66,6 +66,7 @@ |
| 66 | 66 | |
| 67 | 67 | ### monitoring |
| 68 | 68 | - [snmp](technology/monitoring/snmp) |
| 69 | +- [tcpdump](technology/monitoring/tcpdump) |
|
| 69 | 70 | |
| 70 | 71 | ### networking |
| 71 | 72 | - [subnet_cheatsheet](technology/networking/subnet_cheatsheet) |
technology/monitoring/tcpdump.md
| ... | ... | @@ -0,0 +1,21 @@ |
| 1 | +# tcpdump |
|
| 2 | + |
|
| 3 | +## capture entire packet |
|
| 4 | +``` |
|
| 5 | +tcpdump -nnvvXSs 1514 -i eth0 |
|
| 6 | +``` |
|
| 7 | +- nn : don't convert hostnames or port names |
|
| 8 | +- vv : verbosity level |
|
| 9 | +- X : payload. shows packet contents in both ASCII and HEX |
|
| 10 | +- S : prints absolute sequence numbers |
|
| 11 | +- s : set snaplen (in this case 1514) |
|
| 12 | + |
|
| 13 | +## read entire packet |
|
| 14 | +``` |
|
| 15 | +tcpdump -qns 0 -A -r <filename> |
|
| 16 | +``` |
|
| 17 | +- q : quiet |
|
| 18 | +- n : don't convert host names |
|
| 19 | +- s : set snaplen (0 means catch whole packets) |
|
| 20 | +- A : print each packet in ASCII |
|
| 21 | +- r : read from file |
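Review bot: under "capture entire packet", `-s 1514` only covers a standard untagged Ethernet frame, so VLAN-tagged or jumbo frames would still be truncated. Suggest `-s 0` there, which matches the value the "read entire packet" command already uses. In the read section, the note "0 means catch whole packets" is misleading next to `-r`: when reading a file, packets are already limited to whatever snaplen was used at capture time, so the bullet should say that or the option should be dropped. The page also never shows how the `<filename>` passed to `-r` gets produced. A capture example with `-w <filename>` would close that gap. Finally, since `-X` and `-A` print payloads in cleartext, a one-line remark that the output can contain credentials or session data would be useful for anyone pasting it into tickets.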