Tcpdump

From Indie IT Wiki
Revision as of 14:20, 2 March 2020 by imported>Plittlefield (→‎Stop Capture After Period Of Time)

Introduction

tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.

Easy Tutorial

http://openmaniak.com/tcpdump.php

Example Commands

tcpdump -D
tcpdump -i enp4s0 port 8094
tcpdump host www.paully.co.uk
tcpdump -w capture.log

Stop Capture After Period Of Time

/path/to/tcpdumpbinary --whatever-args-you-need & sleep 10s && pkill -HUP -f /path/to/tcpdumpbinary

This will capture DNS traffic to a log file and stop after 10 seconds...

$ /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53 & sleep 10s && pkill -HUP -f /usr/sbin/tcpdump
[1] 28538
tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
196 packets captured
200 packets received by filter
0 packets dropped by kernel
[1]+  Done                    /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53
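A more careful version of the background-and-pkill pattern above, written as a POSIX sh function for this page (it is not from the wiki): it tracks the exact PID with `$!` instead of `pkill -f` (which matches every process whose command line contains the path), waits for the capture to finish flushing its -w file, and reports when the capture died before the timer ran out. The interface name ens18 is taken from the page; the RUN_TCPDUMP variable and CAPTURE_STATUS name are assumptions.

```shell
#!/bin/sh
# capture_for SECONDS CMD [ARGS...]
# Runs CMD in the background for SECONDS, then sends it SIGHUP (tcpdump's
# handler flushes and closes the -w file) and waits for it to exit.
# Returns 0 if CMD was still running when the timer expired, 1 if it had
# already died (wrong interface, permission denied, bad filter), so a
# caller can tell a real capture from an empty file. CMD's own exit
# status is left in CAPTURE_STATUS (129 = killed by SIGHUP).
capture_for() {
    secs=$1
    shift
    "$@" &
    pid=$!                      # the exact process we started, not a pkill -f guess
    sleep "$secs"
    if kill -0 "$pid" 2>/dev/null; then
        still_running=0
        kill -HUP "$pid"
    else
        still_running=1
        printf 'capture exited before the %s s timer expired\n' "$secs" >&2
    fi
    if wait "$pid"; then        # collect status; guarded so set -e does not fire
        CAPTURE_STATUS=0
    else
        CAPTURE_STATUS=$?
    fi
    return "$still_running"
}

# Real use, mirroring the page's command; guarded because tcpdump needs
# root and a live interface. tcpdump can also stop on its own: -c N stops
# after N packets, and -G 10 -W 1 exits after the first rotation (which
# happens on the first packet seen after 10 s, so it needs traffic).
if [ "${RUN_TCPDUMP:-0}" = 1 ]; then
    capture_for 10 /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53 \
        && echo "capture finished, tcpdump exit status $CAPTURE_STATUS"
fi
```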