Introduction to TCPDUMP

David Mahler
Twitter: @davidmahler
LinkedIn: davidmahler

Links:
reference: www.tcpdump.org
reference: tcpdump man page!

tcpdump options used in this video:

Version check: -h
List interfaces: -D
Capture on eth0: -i eth0
Stop after 500 (or any number of) packets: -c500
No name resolution: -n
Change capture size (e.g. 96 bytes): -s96
Max capture size: -s0
Save to file capture.pcap: -w capture.pcap -v
Read from a capture file: -r capture.pcap

Filters:
IP: host (ip addr)
Source IP: src host (ip addr)
Dest. IP: dst host (ip addr)
port: port 80
MAC address: ether host (mac address)
protocol filters: tcp, udp, icmp, arp, rarp, ip6, (others)
SYN flag: "tcp[tcpflags] & tcp-syn != 0"
RST flag: "tcp[tcpflags] & tcp-rst != 0"
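
The SYN and RST flag filters above, worked through byte by byte in Python. This is an added example, not code from the video or from tcpdump. The helper names (frame, pcap, records, flag_filter) and the four sample packets are constructed for illustration.

```python
import struct

TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10   # values behind tcp-syn, tcp-rst, tcp-ack
TCPFLAGS = 13                                   # tcp[tcpflags] is byte 13 of the TCP header

def frame(flags, ihl=5):
    """Constructed Ethernet/IPv4/TCP frame carrying the given TCP flag byte."""
    eth = bytes(12) + b"\x08\x00"               # zeroed MACs, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, ihl * 4 + 20, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    ip += bytes(ihl * 4 - 20)                   # IP options padding when ihl > 5
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp

def pcap(frames):
    """Classic little-endian pcap file (as written by -w), link type 1 = Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def records(data):
    """Yield each captured frame from pcap bytes (as read back by -r)."""
    pos = 24                                    # skip the 24-byte global header
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, pos + 8)[0]
        yield data[pos + 16 : pos + 16 + incl_len]
        pos += 16 + incl_len

def flag_filter(data, mask):
    """Indices of packets matching "tcp[tcpflags] & mask != 0"."""
    hits = []
    for n, f in enumerate(records(data)):
        if len(f) < 34 or f[12:14] != b"\x08\x00" or f[23] != 6:
            continue                            # not IPv4 + TCP
        if struct.unpack_from("!H", f, 20)[0] & 0x1FFF:
            continue                            # later fragment: no TCP header present
        tcp_off = 14 + (f[14] & 0x0F) * 4       # IHL locates the TCP header
        if len(f) > tcp_off + TCPFLAGS and f[tcp_off + TCPFLAGS] & mask:
            hits.append(n)
    return hits

# Constructed handshake, then a reset; packet 1 carries IP options (ihl=6)
SAMPLE = pcap([frame(TCP_SYN), frame(TCP_SYN | TCP_ACK, ihl=6),
               frame(TCP_ACK), frame(TCP_RST | TCP_ACK)])

if __name__ == "__main__":
    print("SYN set:", flag_filter(SAMPLE, TCP_SYN))
    print("RST set:", flag_filter(SAMPLE, TCP_RST))
```

The SYN mask matches the SYN-ACK reply as well as the initial SYN, because the filter tests only whether that one bit is set.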

Output options:
View MAC info: -e
Include hex and ASCII: -XX
ASCII only: -A
max verbosity: -vvv
ignore checksum errors: -K
quiet: -q
timestamp options: -t, -tt, -ttt, etc...
Published 10 years ago, on 1393/09/25.
Viewed 146,990 times