- Card/Note
- Application/tcpdump
- Application/cut
date: 2023-01-31
publish: true
zettelkasten: shared
hide: toc
search:
boost: 1.5
tcpdump
Source: https://gitlab.com/dpremy/dot-misc/-/blob/master/cheatsheets/tcpdump_cheatsheet.md
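# list all nics
tcpdump -D
# human-readable date+time timestamps (-tttt; use -t to suppress timestamps), no name or port conversions, semi verbose, and interface eth1
tcpdump -tttt -nn -vv -i eth1
# dump all ASCII traffic
tcpdump -A
# write pcap
tcpdump -w <filename>.pcap
# read pcap
tcpdump -r <filename>.pcap
# all traffic to/from specific hosts
tcpdump host 192.168.0.1 or host 192.168.0.2
# all traffic to/from a network (unqualified "net" matches either direction)
tcpdump net 10.1.1.0/24
# all traffic except to/from a host or net
tcpdump not net 192.168.1 and not host 192.168.0.254
# all traffic on a port range, or a single port, with no name or port conversions
# (options must precede the filter expression; a trailing -nn is only accepted where getopt permutes arguments)
tcpdump -nn portrange 7700-7750 or port 7800
# wait for 2000 packets, then list top 20 clients (DOS/DDOS)
# -t drops the timestamp so the source address is field 2 ("IP src > dst"); cut strips the trailing .port
tcpdump -nn -t -c 2000 | awk '{print $2}' | cut -d. -f1-4 | sort -n | uniq -c | sort -rn | head -n20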