So, it’s been a little while since my last update. We’ve been quite busy recently, but for those interested in learning more about tcpdump and capturing packets directly on a host, here is a quick reference of commands.
List the interfaces tcpdump can capture on
tcpdump -D
Listen on interface eth0
tcpdump -i eth0
Listen on the XenServer virtual interface for domain 16 (public network)
tcpdump -i vif16.0
Listen on any interface
tcpdump -i any
Maximum verbosity
tcpdump -vvvv -i eth0
Be verbose and print data of each packet in both hex and ASCII
tcpdump -v -X -i eth0
Be less verbose (quiet output)
tcpdump -q
Limit the capture to 100 packets
tcpdump -c 100 -i eth0
Display IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):
tcpdump -n
Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n dst host 192.168.1.1
Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:
tcpdump -n src host 192.168.1.1
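When these one-liners end up in a script, the host, interface and count usually come from a variable, and an unvalidated variable lets a stray filter expression reach tcpdump. The helper below, an added example rather than anything from the original post, validates each part and assembles the same -nn / -c / -i / src / dst form shown above; the function names and argument order are my own.

```shell
#!/bin/sh
# Added example (not from the original post): build a tcpdump command line
# from validated parts so a script can't pass an arbitrary filter expression
# through to tcpdump.

# is_ipv4 ADDR -> returns 0 if ADDR is a dotted quad with each octet 0-255
is_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for octet in $(echo "$1" | tr '.' ' '); do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# build_capture_cmd IFACE DIRECTION HOST COUNT
# DIRECTION is "src", "dst" or "any" ("any" matches both directions).
# Prints the tcpdump command on success; prints nothing and returns 1
# when any argument fails validation.
build_capture_cmd() {
    iface=$1; direction=$2; host=$3; count=$4
    # interface names: letters, digits, dot, dash, underscore (eth0, vif16.0, any)
    echo "$iface" | grep -Eq '^[A-Za-z0-9._-]+$' || return 1
    is_ipv4 "$host" || return 1
    # packet count: positive integer only
    echo "$count" | grep -Eq '^[1-9][0-9]*$' || return 1
    case $direction in
        src|dst) filter="$direction host $host" ;;
        any)     filter="host $host" ;;
        *)       return 1 ;;
    esac
    # -nn: numeric hosts and ports; -c: stop after COUNT packets
    echo "tcpdump -nn -c $count -i $iface $filter"
}
```

Run the result with `eval "$(build_capture_cmd eth0 dst 192.168.1.1 100)"` or simply paste the printed line; anything that does not pass validation produces no command at all.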
http://www.rationallyparanoid.com/articles/tcpdump.html