Tcpdump
From Indie IT Wiki
Revision as of 14:20, 2 March 2020 by imported>Plittlefield (→Stop Capture After Period Of Time)
Introduction
tcpdump is a widely used command-line packet analyzer. It lets the user capture and display TCP/IP and other packets being transmitted or received on a network the host is attached to, either live on the terminal or written to a file (with -w) for later analysis.
Easy Tutorial
http://openmaniak.com/tcpdump.php
Example Commands
tcpdump -D                      # list the interfaces tcpdump can capture on
tcpdump -i enp4s0 port 8094     # capture traffic to or from port 8094 on enp4s0
tcpdump host www.paully.co.uk   # capture traffic to or from that host
tcpdump -w capture.log          # write raw packets to a file (pcap format, not text; read it back with tcpdump -r capture.log)
Stop Capture After Period Of Time
/path/to/tcpdumpbinary --whatever-args-you-need & sleep 10s && pkill -HUP -f /path/to/tcpdumpbinary
This will capture DNS traffic (port 53) to a file and stop after 10 seconds. SIGHUP, like SIGTERM and SIGINT, makes tcpdump flush the -w file, print its packet counts and exit. Note that pkill -f matches against the full command line, so it will also signal any other tcpdump instance started from that binary, not just the one launched here.
$ /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53 & sleep 10s && pkill -HUP -f /usr/sbin/tcpdump
[1] 28538
tcpdump: listening on ens18, link-type EN10MB (Ethernet), capture size 262144 bytes
196 packets captured
200 packets received by filter
0 packets dropped by kernel
[1]+  Done                    /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53
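As an added example (not from the original wiki page), the same timed capture as a small POSIX shell wrapper. It differs from the one-liner in two ways a practitioner usually wants: it signals only the process it started (via $!) rather than every tcpdump matching a pkill -f pattern, and it waits for that process so the exit status and the packet-count summary are collected before continuing. A second function checks that the output file actually begins with a pcap or pcapng magic number. The names timed_capture and verify_capture, and the interface and file names in the usage comment, are this example's own assumptions.

```bash
#!/bin/sh
# Added example, not code from the Indie IT Wiki page.

# timed_capture SECONDS CMD [ARGS...]
# Starts CMD in the background, waits SECONDS, sends SIGHUP to that one
# process only, then waits for it so its exit status (and, for tcpdump,
# the "packets captured" summary) is collected before returning.
timed_capture() {
    secs="$1"; shift
    "$@" &
    pid=$!
    sleep "$secs"
    # HUP, like TERM/INT, makes tcpdump flush the -w file and print stats.
    # If the process already exited (e.g. tcpdump lacked capture
    # privileges), kill fails and wait below returns that exit status.
    kill -HUP "$pid" 2>/dev/null || true
    wait "$pid"
}

# verify_capture FILE
# Returns 0 when FILE is non-empty and starts with a pcap (microsecond or
# nanosecond, either byte order) or pcapng magic number, i.e. tcpdump got
# far enough to write a usable header before it was stopped.
verify_capture() {
    [ -s "$1" ] || return 1
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d|0a0d0d0a) return 0 ;;
        *) return 1 ;;
    esac
}

# Usage (assumed interface and file name, needs capture privileges):
#   timed_capture 10 /usr/sbin/tcpdump -i ens18 -w tcpdump.log port 53 \
#       && verify_capture tcpdump.log && echo "capture OK"
```

The wrapper works with any long-running command, so it can be exercised without tcpdump by passing a stand-in process that exits cleanly on SIGHUP.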