NeilSec: Security Learning Blog

Pentesting, infosec, hacking, learning.


tcpdump

2018-01-22 by Neil Leave a Comment

To analyse a capture file

tcpdump -r capture_file.pcap

general monitoring

-i any = listen on any interface
-i eth0 = listen on eth0 interface
-n = do not resolve hostnames
-q = quiet (less verbose)
-t = do not print a timestamp on each line
-tttt = maximally readable timestamp
-v,vv,vvv = verbosity
-A = display in ASCII
-X = display in Hex
-w = write to file
-r = read a capture file
tcp = capture TCP only (tcpdump -i eth0 tcp)

filter for source destination IP

tcpdump -n -r dumpfile.pcap src host 192.168.3.45
tcpdump -n -r dumpfile.pcap dst host 192.168.3.45

filter for port number

tcpdump -n port 81 -r dumpfile.pcap

View traffic in hex format

tcpdump -nX -r dumpfile.pcap

specify flags

The TCP flags live in the 14th byte of the TCP header, which is tcp[13] when counting from 0, and the bits from high to low are:
CEUAPRSF
00000000

So packets with the A (ACK) and P (PSH) flags set, and no other flags, have a flag byte of
00011000 = 24, leading to:
tcpdump -A -n -r dumpfile.pcap 'tcp[13] = 24'
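As an added example (not from the original post), a small POSIX shell helper that builds and decodes the tcp[13] flag byte used above, and shows the difference between matching exactly ACK+PSH (tcp[13] = 24), matching any of a set of flags, and matching all of a set; the function names are mine.

```shell
# Bit values of the TCP flag byte tcp[13], high bit first: C E U A P R S F
tcp_flag_bit() {
    case "$1" in
        C|CWR) echo 128 ;;
        E|ECE) echo 64 ;;
        U|URG) echo 32 ;;
        A|ACK) echo 16 ;;
        P|PSH) echo 8 ;;
        R|RST) echo 4 ;;
        S|SYN) echo 2 ;;
        F|FIN) echo 1 ;;
        *) echo "unknown flag: $1" >&2; return 1 ;;
    esac
}

# Sum the bits for a list of flags: tcp_flags_value ACK PSH -> 24
tcp_flags_value() {
    total=0
    for f in "$@"; do
        bit=$(tcp_flag_bit "$f") || return 1
        total=$((total + bit))
    done
    echo "$total"
}

# Exactly these flags and no others (the post's 'tcp[13] = 24' form)
flags_exact_filter() {
    echo "tcp[13] = $(tcp_flags_value "$@")"
}
# At least one of these flags set (the either/or case)
flags_any_filter() {
    echo "tcp[13] & $(tcp_flags_value "$@") != 0"
}
# All of these flags set, whatever else is also set
flags_all_filter() {
    v=$(tcp_flags_value "$@")
    echo "tcp[13] & $v = $v"
}

# Decode a flag byte back to letters in CEUAPRSF order: 24 -> AP, 18 -> AS
tcp_flags_decode() {
    byte=$1; out=""
    for pair in C:128 E:64 U:32 A:16 P:8 R:4 S:2 F:1; do
        name=${pair%%:*}; bit=${pair##*:}
        [ $((byte & bit)) -ne 0 ] && out="$out$name"
    done
    echo "$out"
}
```

Running tcpdump -A -n -r dumpfile.pcap "$(flags_exact_filter A P)" reproduces the filter above; tcpdump also accepts the symbolic form tcp[tcpflags] & (tcp-ack|tcp-push) != 0 for the either/or case.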

Filed Under: Linux


About Me

I’m currently a systems admin / consultant at an IT firm which looks after the computer systems of small businesses in the UK. IT security is only a part of that job. However, I’ve always enjoyed breaking into, getting around, subverting and otherwise hacking things, systems and ideas. In tackling some low-level IT security tasks I reignited my interest in the field, and this blog charts my progress in the world of Computer Security, legal Hacking, Penetration Testing, Infosec – whatever you want to call it. As a Windows guy I’m learning about Linux, shell-scripting, python and all the other skills needed in this field.
