Tcpdump Examples
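#!/usr/bin/env bash
# tcpdump cheat-sheet: every command below is a stand-alone live capture.
# Capturing needs root or CAP_NET_RAW/CAP_NET_ADMIN on the interface.
# The interface defaults to ens192; override it with IFACE=<name> in the
# environment. -n disables reverse DNS lookups (faster, and the lookups
# would themselves put traffic on the wire); -s 0 captures whole packets.
iface=${IFACE:-ens192}

# Capture events on specific interface and filter them by grepping "request".
# -l line-buffers tcpdump's stdout so grep sees lines as they arrive instead
# of after a 4 KiB block fills. A leading '*' is not a valid ERE prefix, so a
# plain substring pattern is used.
tcpdump -i "$iface" -s 0 -A -v -n -l | grep -E -i -A 5 -B 5 'request'

# Capture HTTP GET and POST requests (plaintext HTTP only).
tcpdump -i "$iface" -s 0 -v -n -l | grep -E -i 'POST /|GET /|Host:'

# Capture ALL POST requests (using ASCII). The BPF expression reads the TCP
# data offset (high nibble of header byte 12, in 32-bit words), skips past the
# TCP header and compares the first four payload bytes with "POST"
# (0x50 0x4F 0x53 0x54).
tcpdump -i "$iface" -s 0 -n -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'

# Capture requests to 80 and 443 ports from 10.200.217.3 host.
tcpdump -i "$iface" -s 0 -n -A '(tcp dst port 80 or tcp dst port 443) and host 10.200.217.3'

# Write to file and rotate dump files every 5 minutes (-G 300) or when a file
# reaches 150 MB (-C 150, in units of 1,000,000 bytes), limited to 15 files
# (-W 15). The -w name must contain a strftime(3) pattern, otherwise each
# rotation overwrites the previous file. The pcap holds full payloads, so keep
# the output directory's permissions restricted.
tcpdump -i "$iface" -W 15 -G 300 -C 150 -nn tcp -w 'tcpdump-%Y%m%d-%H%M%S.pcap'

# Capture traffic between two hosts.
tcpdump -i "$iface" -s 0 -n host 10.200.217.2 and host 10.200.217.1

# Capture traffic from specific ports.
tcpdump -i "$iface" -s 0 -n portrange 8080-8090

# Capture ALL traffic with exception (here: everything except SSH).
tcpdump -i "$iface" -s 0 -n not port 22

# Capture ALL traffic in a specific network.
tcpdump -i "$iface" -s 0 -n net 10.200.217.0/24

# Capture ALL packets with size greater than 128 bytes.
tcpdump -i "$iface" -s 0 -n greater 128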