TCP dump

If you are connected to a host over SSH and want to use tcpdump to view its traffic, exclude SSH (port 22) so your own session does not fill the capture

tcpdump -i [interface] -n 'not port 22'

Capture traffic leaving a host

tcpdump -pi [interface] src host [hostname]

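Watch for traffic leaving one network and entering either of two other networks. In a capture filter "and" and "or" have equal precedence and are evaluated left to right, so the destination alternatives are grouped in parentheses, and the filter is quoted to protect the parentheses from the shell

tcpdump -pi [interface] 'src net [network] and (dst net [network2] or [network3])'
tcpdump -pi [interface] 'src net [network] and (dst net [network2] or 192.168.12/24)'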
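
Added example (not part of the original page): a small Python model of how pcap evaluates "src net A and dst net B or C" without parentheses versus with them. The three networks and the packet list are constructed sample values.

```python
from ipaddress import ip_address, ip_network

# Constructed networks standing in for [network], [network2] and [network3].
SRC_NET = ip_network("10.0.0.0/24")
DST_NET2 = ip_network("172.16.5.0/24")
DST_NET3 = ip_network("192.168.12.0/24")


def ungrouped(src, dst):
    """Model of: src net A and dst net B or C
    pcap reads this left to right, and the bare C reuses the preceding
    'dst net' qualifier: (src net A and dst net B) or dst net C."""
    s, d = ip_address(src), ip_address(dst)
    return (s in SRC_NET and d in DST_NET2) or d in DST_NET3


def grouped(src, dst):
    """Model of: src net A and (dst net B or C)"""
    s, d = ip_address(src), ip_address(dst)
    return s in SRC_NET and (d in DST_NET2 or d in DST_NET3)


# Constructed (source, destination) address pairs.
PACKETS = [
    ("10.0.0.7", "172.16.5.20"),       # A -> B
    ("10.0.0.7", "192.168.12.9"),      # A -> C
    ("203.0.113.50", "192.168.12.9"),  # unrelated source -> C
    ("10.0.0.7", "198.51.100.1"),      # A -> unrelated destination
]


def overcaptured(packets=PACKETS):
    """Packets the ungrouped filter captures but the grouped one does not."""
    return [p for p in packets if ungrouped(*p) and not grouped(*p)]


if __name__ == "__main__":
    for pkt in PACKETS:
        print(pkt, "ungrouped:", ungrouped(*pkt), "grouped:", grouped(*pkt))
    print("captured only by the ungrouped filter:", overcaptured())
```

The ungrouped form also captures anything destined for the third network regardless of where it came from, which is why the destination alternatives need parentheses.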

Capture UDP packets on an interface and print them in hex and ASCII, including the link-level header

tcpdump -XX -i [interface] udp port [UDP port]
public/tcp_dump.txt · Last modified: 2020/10/16 10:03 by lstolp