tcpdump: Difference between revisions
From Leechfinger
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 19: | Line 19: | ||
|- | |- | ||
| -w || Output file name. | | -w || Output file name. | ||
|- | |||
| -Z || User, root. | |||
|- | |- | ||
| -r || Read the output file. | | -r || Read the output file. | ||
| Line 28: | Line 30: | ||
=== Interface, file size, rotation, output file=== | === Interface, file size, rotation, output file=== | ||
<syntaxhighlight lang="bash"> | <syntaxhighlight lang="bash"> | ||
# tcpdump -i eth0 -C300 -W4 -w $HOSTNAME-tcpdump.pcap | # tcpdump -i eth0 -Z root -C300 -W4 -w $HOSTNAME-tcpdump.pcap | ||
# tcpdump -r zyklonB-tcpdump.pcap | # tcpdump -r zyklonB-tcpdump.pcap | ||
</syntaxhighlight> | </syntaxhighlight> | ||
[[Category:Commands]] | [[Category:Commands]] | ||
Revision as of 16:36, 10 May 2025
Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. Many flags need root permissions to run.
Install
# apt install tcpdump
Flags
| Flag | Description |
|---|---|
| -D | List all interfaces. |
| -i | Interface, eth1, any. |
| -C | Max file size to save, all files will have subsequent numbers. |
| -W | Limit the number of files, use with -C. |
| -w | Output file name. |
| -Z | User, root. |
| -r | Read the output file. |
List all interfaces
# tcpdump -D
Interface, file size, rotation, output file
# tcpdump -i eth0 -Z root -C300 -W4 -w $HOSTNAME-tcpdump.pcap
# tcpdump -r zyklonB-tcpdump.pcap
