Tuesday, December 20, 2011

tcpdump

Options

-i interface: interface to listen on.
-n: disable name lookups.
-t: don't print timestamps.
-s0 (or -s 0): use the max "snaplen"—capture full packets (default in recent versions of tcpdump).
-xx: dump data and link-layer header in hex.
-XX: dump data and link-layer header in hex+ascii.
-vvv: more verbose.


Filter Expressions

tcp
port 25 and not host 10.0.0.3
icmp or arp or udp
vlan 3 and ether src host aa:bb:cc:dd:ee:ff
arp or udp port 53
icmp and \(dst host mrorange or dst host mrbrown\)



tcpdump fu | Linux Journal
http://www.linuxjournal.com/content/tcpdump-fu?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+linuxjournalcom+%28Linux+Journal+-+The+Original+Magazine+of+the+Linux+Community%29&utm_content=Google+Reader
