NAD710 Lab 3

15 bytes added, 20:18, 22 September 2008
tcpdump command-line options
=Background Information=
<b>tcpdump</b> is a network packet capturing program. It allows the root user to capture packets on a network and display them on the screen or save them to a file for later analysis. The information provided by <b>tcpdump</b> can be used for identifying network problems or analysing network usage. Please consult the tcpdump man page for details.
== Useful tcpdump command-line options ==
List of useful command line options for tcpdump:
* Use the -D option to print a list of the network interfaces available on the system and on which tcpdump can capture packets.
tcpdump -D
[root@rh9 ~]# tcpdump -D
1.eth0
4.lo
* The -i option specifies the network interface which tcpdump should listen on. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface. This option should be used on systems with multiple network interfaces when you want tcpdump to listen on a specific one.
tcpdump -i <dev>
0 packets dropped by kernel
* The -n option instructs tcpdump not to convert IP addresses to host names. The -nn option is used to keep tcpdump from converting port numbers to application names, etc. In this lab, you should always include the -n option to avoid host name lookup.
tcpdump -n -i <dev>
0 packets dropped by kernel
* The -w option causes tcpdump to write the raw packets to a file rather than parsing and printing them out. The packets can later be displayed with the -r option.
tcpdump -i <dev> -w <b><i>filename</i></b>
0 packets dropped by kernel
* The -r option causes tcpdump to read packets from a file created with the -w option. Any (non-root) user can use the tcpdump (/usr/sbin/tcpdump) program to read the file created by the -w option as long as they have read permission on the file.
tcpdump -r <b><i>filename</i></b>
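The options above combined into one capture-then-read workflow, as an added example that is not part of the original lab page. The function names, the default packet count and the script name are assumptions made for illustration, and -c (stop after a given number of packets) is a standard tcpdump option this page does not cover.

```shell
#!/bin/sh
# Added example (not from the lab page): capture to a file, then read it back.
# Interface name, file name and packet count are supplied by the caller.

# Succeed if interface $1 appears in `tcpdump -D` output read from stdin.
# Each line looks like "1.eth0"; newer builds may append " (desc)" or " [flags]".
iface_listed() {
    awk -v want="$1" '
        { sub(/^[0-9]+\./, ""); sub(/[ \t].*$/, "") }
        $0 == want { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Capture $3 packets on interface $1 into file $2 (run as root).
capture() {
    dev=$1 file=$2 count=$3
    if ! tcpdump -D | iface_listed "$dev"; then
        echo "interface '$dev' is not in the tcpdump -D list" >&2
        return 1
    fi
    # Raw packets can hold credentials and payloads: create the file
    # readable by its owner only, whatever the caller's umask was.
    ( umask 077 && tcpdump -n -i "$dev" -c "$count" -w "$file" )
}

# Read a saved capture; works for a non-root user with read permission.
read_capture() {
    if [ ! -r "$1" ]; then
        echo "no read permission on '$1'" >&2
        return 1
    fi
    tcpdump -n -r "$1"
}

# Usage (hypothetical script name): sh capture.sh <dev> <filename> [count]
if [ "$#" -ge 2 ]; then
    capture "$1" "$2" "${3:-20}" && read_capture "$2"
fi
```

Because the file is created with owner-only permissions, another user can read it with -r only after the owner grants read permission on it.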