Tcpdump

From Indie IT Wiki

Introduction

tcpdump is a command-line packet analyzer. It captures and displays TCP/IP and other packets transmitted or received on a network interface of the host it runs on; a BPF filter expression on the command line selects which packets are kept, and -w writes the raw packets to a pcap file for later analysis.

Easy Tutorial

http://openmaniak.com/tcpdump.php

Example Commands

Capturing needs root (or the CAP_NET_RAW capability), so run these as root or with sudo.

tcpdump -D                       list the interfaces tcpdump can capture on
tcpdump -i enp4s0 port 8094      capture only traffic to or from port 8094 on enp4s0
tcpdump host www.paully.co.uk    capture traffic to or from that host (the name is resolved once, when the filter is compiled)
tcpdump -w capture.log           write raw packets in pcap format (binary, not text) to capture.log; read them back with tcpdump -r capture.log

Stop Capture After Period Of Time

/path/to/tcpdumpbinary --whatever-args-you-need & sleep 10s && pkill -HUP -f /path/to/tcpdumpbinary

This backgrounds tcpdump, waits 10 seconds and then sends it SIGHUP. tcpdump handles SIGHUP, SIGINT and SIGTERM the same way: it stops the capture loop, flushes the -w file and prints its packet summary before exiting, so the pcap is left complete. Two caveats: pkill -f matches the full command line of every process, so it will also stop any other tcpdump started from the same binary on the host (signal the PID from $! if that matters), and the summary line "packets dropped by kernel" should be 0; if it is not, the kernel could not keep up and the file is missing packets, so use a tighter filter or a larger buffer (-B). tcpdump also has built-in ways to stop on its own: -c N exits after N packets, and -G 10 -W 1 rotates the output file every 10 seconds and exits after the first file.

This will capture DNS traffic to a pcap file and stop after 10 seconds...

$ /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53 & sleep 10s && pkill -HUP -f /usr/sbin/tcpdump
[1] 28538
tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
196 packets captured
200 packets received by filter
0 packets dropped by kernel
[1]+  Done                    /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53
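The timed-capture procedure above as a shell script, added here as an example and not taken from the Indie IT Wiki page. It signals only its own tcpdump process by PID instead of using pkill -f, and it parses the summary tcpdump prints on exit to flag captures where the kernel dropped packets. The function names timed_capture and parse_tcpdump_stats, the interface name ens18 and the two sample summaries are this example's own assumptions; the sample summaries are constructed so the check can run offline without root or a network interface.

```shell
#!/bin/sh
# Added example, not from the Indie IT Wiki page: a timed capture helper that
# signals only its own tcpdump, plus a check of tcpdump's end-of-run summary.
# The function names below are this example's own, not tcpdump's.

# parse_tcpdump_stats TEXT
# Extracts the three summary lines tcpdump prints to stderr when it exits and
# echoes "captured received dropped". Exit status is 1 when the kernel dropped
# packets, i.e. the pcap is incomplete and a tighter filter or a larger buffer
# (-B) is needed before trusting the file as evidence.
parse_tcpdump_stats() {
    local text=$1 captured received dropped
    captured=$(printf '%s\n' "$text" | sed -n 's/^\([0-9][0-9]*\) packets captured$/\1/p')
    received=$(printf '%s\n' "$text" | sed -n 's/^\([0-9][0-9]*\) packets received by filter$/\1/p')
    dropped=$(printf '%s\n' "$text" | sed -n 's/^\([0-9][0-9]*\) packets dropped by kernel$/\1/p')
    printf '%s %s %s\n' "${captured:-0}" "${received:-0}" "${dropped:-0}"
    [ "${dropped:-0}" -eq 0 ]
}

# timed_capture SECONDS IFACE OUTFILE [filter ...]
# Runs tcpdump for SECONDS, then stops it and reports the summary.
# Needs root (or CAP_NET_RAW); it is not run by the offline checks below.
timed_capture() {
    local secs=$1 iface=$2 out=$3 pid
    shift 3
    tcpdump -i "$iface" -w "$out" "$@" 2>"$out.stats" &
    pid=$!
    sleep "$secs"
    # Signal our own tcpdump by PID rather than with pkill -f, which would also
    # hit any other tcpdump on the host. SIGTERM (like SIGHUP and SIGINT) makes
    # tcpdump flush the pcap and print its summary before exiting.
    kill -TERM "$pid"
    wait "$pid"
    parse_tcpdump_stats "$(cat "$out.stats")"
}

# Constructed sample of tcpdump's stderr, modelled on the clean run shown above.
SAMPLE_CLEAN='tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
196 packets captured
200 packets received by filter
0 packets dropped by kernel'

# Constructed sample of a lossy run: the pcap is missing 12 packets.
SAMPLE_LOSSY='tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
150 packets captured
170 packets received by filter
12 packets dropped by kernel'

# Real usage (as root):  timed_capture 10 ens18 dns.pcap port 53
# Offline demonstration on the constructed samples:
parse_tcpdump_stats "$SAMPLE_CLEAN" && echo "clean capture"
parse_tcpdump_stats "$SAMPLE_LOSSY" || echo "WARNING: kernel dropped packets, capture is incomplete"
```

The difference between "received by filter" and "captured" is normal: the first counts packets the BPF filter accepted, the second counts packets actually handed to tcpdump and written before it stopped. Only a non-zero "dropped by kernel" means data is missing from the file.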