TCPDUMP
TCPdump is a powerful tool for network troubleshooting, packet analysis,
and security auditing used by system administrators and network engineers.
It allows users to capture and interpret packets that are transmitted or
received over a network. With tcpdump, you can quickly identify the source
of networking issues and pinpoint the cause of many problems.
- Listening to a Specific Interface:
tcpdump -i <interface>
- Capturing Packets from Multiple Interfaces:
tcpdump -D
(lists the available interfaces; then run tcpdump -i <interface> once per interface, or tcpdump -i any to capture on all of them)
- Capturing Packets Based on Specified Protocols:
tcpdump -nn <protocol>
tcpdump port <portnumber>
- Capturing for a Specific Host:
tcpdump host <IPaddress>
- Capturing All Traffic Seen on the Interface (promiscuous mode, on by default):
tcpdump -i <interface>
- Capturing Network Traffic for a Specific Duration:
tcpdump -G <seconds> -W 1 -w <filename>
(-G rotates the output file every <seconds>; with -W 1 tcpdump exits after the first rotation)
- Saving the Output to a File:
tcpdump -w <filename>
- Reading Packets from a Log File:
tcpdump -r <filename>
- Applying a BPF Filter:
tcpdump '<BPF filter>'
- Capturing Packets With or Without Promiscuous Mode:
tcpdump -i <interface> (promiscuous, the default) or tcpdump -p -i <interface> (only traffic addressed to this host)
- Capturing by Protocol at a Specific Layer:
tcpdump 'ether proto <ethertype>' (link layer) or tcpdump 'ip proto <protocol number>' (IP layer)
(-l does not select a layer; it makes the output line-buffered, which is useful when piping to grep)
- Capturing Whole Packets or a Truncated Snapshot:
tcpdump -s 0 (whole packets) or tcpdump -s <snaplen in bytes>
- Dumping the Compiled Filter (to Debug a BPF Expression):
tcpdump -d '<BPF filter>' (human-readable), -dd (C program fragment) or -ddd (decimal numbers)
- List All Available Options:
tcpdump --help
- Displaying More Packet Detail (Verbose Output):
tcpdump -v (or -vv, -vvv for even more)
- Stopping After a Fixed Number of Packets:
tcpdump -c <number of packets>
- Quiet Output (Less Protocol Detail per Line):
tcpdump -q
- Capturing IPv6 Traffic:
tcpdump -n ip6
- Capturing on a Specific Network Layer and Excluding a Protocol:
tcpdump 'ip and not <protocol>'
- Dumping the Packet in Hex Format:
tcpdump -xx (includes the link-level header; -x omits it, -X adds an ASCII column)
- Printing Raw Epoch Timestamps for Each Captured Packet:
tcpdump -tt (timestamps are printed by default; -tttt prints date and time)
- Loading an SMI MIB Module for SNMP Decoding:
tcpdump -m <MIB file>
- Troubleshoot TCP Connections:
tcpdump -nSs 0 'tcp port <portnumber> and ((src host <hostA> and dst host <hostB>) or (src host <hostB> and dst host <hostA>))'
(-n no name resolution, -S absolute TCP sequence numbers, -s 0 whole packets)
- Troubleshoot UDP Connections:
tcpdump -nSs 0 'udp port <portnumber> and ((src host <hostA> and dst host <hostB>) or (src host <hostB> and dst host <hostA>))'
- Troubleshoot ICMP Connections:
tcpdump -nSs 0 'icmp and ((src host <hostA> and dst host <hostB>) or (src host <hostB> and dst host <hostA>))'
- Troubleshoot Multicast Connections:
tcpdump -nSs 0 'multicast and ((src host <hostA> and dst host <hostB>) or (src host <hostB> and dst host <hostA>))'
- Filtering Packets Containing a Specific String (tcpdump has no string filter of its own; pipe its ASCII output to grep):
tcpdump -s 0 -l -A | grep '<string>'
- Capturing by Protocol and Source/Destination Port:
tcpdump '<protocol> and (src port <portnumber> or dst port <portnumber>)'
- Capturing All Traffic Except for a Specific Host:
tcpdump not host <IPaddress>
- Exclude a Specific Protocol from Capturing:
tcpdump not <protocol>
- Capturing Packets with Certain TCP Flags:
tcpdump 'tcp[tcpflags] & tcp-<flag> != 0' (flag names: tcp-syn, tcp-ack, tcp-fin, tcp-rst, tcp-push, tcp-urg)
- Capturing Packets Other Than My SSH Session:
tcpdump -i eth0 'host <myIp> and not port 22'
- Capturing All Packets on All Interfaces Except Those Involving My IP:
tcpdump -i any 'not host <myIp>'
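As an added example, not code from the original post: a small Python parser for the text tcpdump prints for TCP when run with -n (the form the troubleshooting commands above produce), plus one defender-side check over it. It counts bare SYNs per source to distinct destination ports, a quick way to spot a host probing many ports when reviewing a capture. The sample lines and the threshold are constructed.

```python
import re
from collections import defaultdict

# One tcpdump text line for TCP over IPv4 as printed with -n (no name resolution)
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*length (?P<length>\d+)$"
)

# Constructed sample (not a real capture): one handshake, then one source probing ports
SAMPLE = """\
14:03:21.100001 IP 192.0.2.10.40001 > 198.51.100.5.22: Flags [S], seq 1, win 64240, length 0
14:03:21.100200 IP 198.51.100.5.22 > 192.0.2.10.40001: Flags [S.], seq 9, ack 2, win 65160, length 0
14:03:21.100300 IP 192.0.2.10.40001 > 198.51.100.5.22: Flags [.], ack 10, win 502, length 0
14:03:22.000001 IP 203.0.113.7.55000 > 198.51.100.5.21: Flags [S], seq 1, win 1024, length 0
14:03:22.000002 IP 203.0.113.7.55001 > 198.51.100.5.23: Flags [S], seq 1, win 1024, length 0
14:03:22.000003 IP 203.0.113.7.55002 > 198.51.100.5.80: Flags [S], seq 1, win 1024, length 0
14:03:22.000004 IP 203.0.113.7.55003 > 198.51.100.5.443: Flags [S], seq 1, win 1024, length 0
14:03:22.000005 IP 198.51.100.5.21 > 203.0.113.7.55000: Flags [R.], seq 0, ack 2, win 0, length 0
"""

def parse_lines(text):
    """Parse tcpdump lines into dicts; lines that do not match are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            for key in ("sport", "dport", "length"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def syn_only_ports_by_source(records):
    """Map each source IP to the destination ports it sent a bare SYN to.
    Flags [S] without '.' carries no ACK, i.e. a brand-new connection attempt."""
    ports = defaultdict(set)
    for r in records:
        if r["flags"] == "S":
            ports[r["src"]].add(r["dport"])
    return ports

def flag_sources(records, min_ports=3):
    """Sources with bare SYNs to at least min_ports distinct ports (threshold is
    a constructed example); these are the ones to look at first in a capture."""
    by_src = syn_only_ports_by_source(records)
    return sorted(src for src, p in by_src.items() if len(p) >= min_ports)
```

On the constructed sample, flag_sources(parse_lines(SAMPLE)) returns ['203.0.113.7']; the handshake from 192.0.2.10 touches a single port and is not reported.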
By mastering the use of tcpdump, you can easily troubleshoot network issues and examine packets in detail. With its many capabilities, tcpdump is an invaluable tool for any network engineer or system administrator.
Happy packet capturing! :)