tcpdump more options


Let's check some more interesting options using tcpdump.

Host 

# tcpdump host 192.168.1.22
look for traffic by IP address (also works with a hostname if you're not using -n); use the host option to check another machine's traffic.

src, dst 

# tcpdump src 192.168.1.22
# tcpdump dst 192.168.1.22
find traffic from only a source or destination (eliminates one side of a host conversation)
 

net 
# tcpdump net 192.186.0.0/24
capture an entire network using CIDR notation

proto 

# tcpdump icmp
works for tcp, udp, and icmp protocols.

port

# tcpdump port 3389
see only traffic to or from a certain port 

src/dst, port, protocol 

# tcpdump src port 1025 and tcp
# tcpdump udp and src port 53
combine all three options. You also have the option to filter by a range of ports instead of declaring them individually.

Port Ranges 

# tcpdump portrange 21-23
see traffic to any port in a range. 

Packet Size Filter 

# tcpdump less 32
# tcpdump greater 128
only see packets below or above a certain size (in bytes)  


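# tcpdump 'len > 32'
# tcpdump 'len <= 12'

we can also use comparison symbols with len instead of less / greater; quote the expression so the shell does not treat > or < as redirection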

Grouping 

# tcpdump 'src 10.0.2.4 and (dst port 3389 or 22)'
Traffic that's from 10.0.2.4 AND destined for ports 3389 or 22
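
The grouped filter above, assembled from script inputs, as an added example that is not part of the original article. The helper names build_filter, valid_ipv4 and valid_port are hypothetical; every value is checked so that only an IPv4 address and port numbers (1-65535) can end up inside the filter expression.

```shell
#!/bin/sh
# Added example: build "src HOST and (dst port A or B ...)" safely.
# build_filter, valid_ipv4 and valid_port are hypothetical helper names.

valid_ipv4() {
    # Accept only four dot-separated decimal octets, each 0-255.
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

valid_port() {
    # Digits only, at most five of them, in the range 1-65535.
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

build_filter() {
    # usage: build_filter SRC_IP PORT [PORT...]
    src=$1; shift
    valid_ipv4 "$src" || { echo "bad source address" >&2; return 1; }
    [ "$#" -ge 1 ] || { echo "need at least one port" >&2; return 1; }
    ports=
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }$p"
    done
    # The parentheses keep all port alternatives under "src ... and".
    printf 'src %s and (dst port %s)\n' "$src" "$ports"
}

# Typical use (as root), passing the result as one quoted argument:
#   tcpdump -n "$(build_filter 10.0.2.4 3389 22)"
```

Passing the result in double quotes keeps the parentheses away from the shell, the same job the single quotes do in the command above.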


 
 
