tcpdump: Difference between revisions
From Leechfinger
Jump to navigationJump to search
No edit summary |
No edit summary |
||
| Line 14: | Line 14: | ||
| -i || Interface, eth1, any. | | -i || Interface, eth1, any. | ||
|- | |- | ||
| -C || Max file size to save, all files will have subsequent numbers. | | -C || Max file size to save, -C100, 100 meg, all files will have subsequent numbers. | ||
|- | |- | ||
| -W || Limit the number of files, use with -C. | | -W || Limit the number of files, -W5, use with -C. | ||
|- | |- | ||
| -w || Output file name. | | -w || Output file name. | ||
|- | |- | ||
| -Z || User, root. | | -Z || User, -Z root. | ||
|- | |- | ||
| -r || Read the output file. | | -r || Read the output file. | ||
|- | |||
| -c || Packets captured, -c100. | |||
|} | |} | ||
=== List all interfaces === | === List all interfaces === | ||
Revision as of 16:40, 10 May 2025
Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. Many flags need root permissions to run.
Install
# apt install tcpdump
Flags
| Flag | Description |
|---|---|
| -D | List all interfaces. |
| -i | Interface, eth1, any. |
| -C | Max file size to save, -C100, 100 meg, all files will have subsequent numbers. |
| -W | Limit the number of files, -W5, use with -C. |
| -w | Output file name. |
| -Z | User, -Z root. |
| -r | Read the output file. |
| -c | Packets captured, -c100. |
List all interfaces
# tcpdump -D
Interface, file size, rotation, output file
# tcpdump -i eth0 -Z root -C300 -W4 -w $HOSTNAME-tcpdump.pcap
# tcpdump -r zyklonB-tcpdump.pcap
