Tcpdump is a packet capture for the Linux command line. This is by no means a full guide but a quick overview of some of the main commands.
The syntax below will capture all traffic with IP address of 172.16.1.1 and and IP in the network 172.16.1.0/24 with a port of udp/53. This will write it to a capture file for viewing in wireshark, with double verbosity.
tcpdump -vvi eth2 -s 1500 -w test.cap host 172.16.1.1 and net 172.16.1.0/24 and udp port 53
This will read the capture test.cap
tcpdump -r test.cap
To view the payload of the packet use the following commands :
- -X – Displays the in but ASCII and HEX.
- -A – Displays just the payload in ASCII
Tcpdump for windows can be downloaded here
- How to Configure a BIND Server on Ubuntu - March 15, 2018
- What is a BGP Confederation? - March 6, 2018
- Cisco – What is BGP ORF (Outbound Route Filtering)? - March 5, 2018
Want to become a UNIX expert?
Here is our hand-picked selection of the best courses you can find online:
UNIX Administration Fundamentals
and our recommended certification practice exams:
AlphaPrep Practice Tests - Free Trial