27 March, 2014

Tcpdump Examples

As much as I like using Wireshark, I'm a sucker for a command-line interface.  The trouble is that properly defining a capture filter has been difficult, to say the least.  This is a boring, simple post, but below is a list of brief examples with descriptions.

#!/bin/bash

#--options (-c, -i, -w) go before the filter expression: GNU getopt will
#--pick up a trailing -w, but BSD-derived getopt stops at the first
#--non-option word and hands "-w /tmp/data.pcap" to the filter compiler

#--grab the first 10 packets and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap

#--grab the first 10 packets to/from host and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap host 192.168.1.125

#--grab the first 10 packets from host and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap src host 192.168.1.125

#--grab the first 10 packets to host and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap dst host 192.168.1.125

#--grab the first 10 packets to/from port and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap port 80

#--grab the first 10 packets to/from net (192.168.1.0/24) and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap net 192.168.1

#--grab the first 10 packets from network and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap src net 192.168.1

#--grab the first 10 packets to network and write to file
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap dst net 192.168.1

#--grab the first 10 packets to host on port 443 and write to file
#--(primitives are combined with "and"; quote the whole expression)
  tcpdump -c 10 -i wlan0 -w /tmp/data.pcap '(dst host 192.168.1.125) and (port 443)'
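The examples above all follow one grammar: an optional direction (src/dst), a primitive (host/net/port), a value, and "and" to combine primitives. The following added example (not from the original post) wraps that grammar in a small bash helper that builds the quoted expression and runs tcpdump with every option placed before it; the function names bpf_filter and capture are my own.

```bash
#!/bin/bash
# Added example: compose a tcpdump capture filter from the primitives shown
# in the post and run tcpdump with all options *before* the expression, so the
# filter is always passed as one quoted argument.

# bpf_filter DIR KIND VALUE [DIR KIND VALUE ...]
#   DIR  : any | src | dst   ("any" omits the qualifier, matching both directions)
#   KIND : host | net | port
#   VALUE: address, network prefix or port number
# Prints the primitives wrapped in parentheses and joined with "and".
bpf_filter() {
    local expr="" dir kind value prim
    while [ $# -ge 3 ]; do
        dir=$1; kind=$2; value=$3; shift 3
        case "$kind" in
            host|net|port) ;;
            *) echo "bpf_filter: unknown primitive '$kind'" >&2; return 1 ;;
        esac
        case "$dir" in
            any)     prim="$kind $value" ;;
            src|dst) prim="$dir $kind $value" ;;
            *) echo "bpf_filter: direction must be any, src or dst" >&2; return 1 ;;
        esac
        if [ -z "$expr" ]; then expr="($prim)"; else expr="$expr and ($prim)"; fi
    done
    # Leftover words mean an incomplete DIR KIND VALUE triple.
    if [ $# -ne 0 ] || [ -z "$expr" ]; then
        echo "bpf_filter: expected one or more DIR KIND VALUE triples" >&2
        return 1
    fi
    printf '%s\n' "$expr"
}

# capture COUNT IFACE OUTFILE FILTER
# Options first, filter last as a single argument. -nn skips DNS and service
# name lookups, which would slow the capture and send resolver queries of
# their own while you are trying to observe traffic.
capture() {
    local count=$1 iface=$2 outfile=$3 filter=$4
    tcpdump -nn -c "$count" -i "$iface" -w "$outfile" "$filter"
}

# Usage (the last example from the post, built from its two primitives):
#   filter=$(bpf_filter dst host 192.168.1.125 any port 443)
#   capture 10 wlan0 /tmp/data.pcap "$filter"
```

The same filter string can be replayed against a saved file with `tcpdump -nn -r /tmp/data.pcap "$filter"`, which is the quickest way to check that an expression matches what you expect before running it live.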