Dump and save network traffic to a file:
# tcpdump -w <filename> -i <network interface> -s 0
ex. # tcpdump -w host.pcap -i eth0 -s 0
note: the "-s 0" parameter sets the snapshot length (the "s" in -s) to unlimited, so every packet is captured in full rather than cut to a "S"nap length
note too: you can pass the filter expression '((tcp) and (port 80))' to dump only TCP traffic on port 80
ex. # tcpdump -w host.pcap -i eth0 '((tcp) and (port 80))' -s 0
Read the dump file (-tttt prints full date/time stamps, -n disables name resolution, -r reads from the file):
# tcpdump -ttttnr <filename>
(sources: http://bikulov.org/post/34917160303/tools-for-tracing-a-pcap-file-in-linux-bash, http://quimicefa.wordpress.com/2009/07/16/tcpdump-%E2%80%93-packet-size-limited-during-capture-eng/)
I recently used this to show successful communication between hosts, making sure packets are sent and received.
PS: if you're using Wireshark to view your pcap file, filtering by source and destination IP helped me find specific TCP streams (Filter: ip.src==<ip> or ip.dst==<ip>)
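The "-s 0" note above matters because a capture taken with a small snapshot length silently clips packets: the pcap record keeps the original length but stores fewer bytes. Since tcpdump needs root and a live interface, here is an added Python example (not from the post or tcpdump) that builds a constructed pcap file the way "tcpdump -w" lays it out, parses it back, and reports which records were truncated; the frame contents and timestamps are made up, and 262144 is assumed as the snaplen tcpdump writes for "-s 0".

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4          # classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1
SNAPLEN_UNLIMITED = 262144       # what current tcpdump records for "-s 0" (assumption)

# Constructed sample frames: a short TCP handshake segment and a full-size HTTP response frame.
SAMPLE_FRAMES = [b"\x00" * 64, b"\x00" * 14 + b"HTTP/1.1 200 OK\r\n" + b"A" * 1483]

def build_pcap(snaplen, frames):
    """Return pcap file bytes as a capture with the given snaplen would store them:
    each frame is clipped to snaplen bytes, but orig_len still records the wire length."""
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    out = [struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        captured = frame[:snaplen]
        # record header: ts_sec, ts_usec, incl_len, orig_len (timestamps are constructed)
        out.append(struct.pack("<IIII", 1700000000 + i, 0, len(captured), len(frame)))
        out.append(captured)
    return b"".join(out)

def read_pcap(data):
    """Parse a classic pcap file; return (snaplen, [(incl_len, orig_len), ...])."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:        # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, snaplen, _ = struct.unpack_from(endian + "IHHiIII", data, 0)
    offset, records = 24, []
    while offset + 16 <= len(data):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + incl_len > len(data):
            raise ValueError("pcap record runs past end of file")
        records.append((incl_len, orig_len))
        offset += incl_len
    return snaplen, records

def truncated_packets(data):
    """Indices of records whose stored bytes are fewer than the on-the-wire length,
    i.e. packets clipped by the snaplen. An empty list means the capture was complete."""
    _, records = read_pcap(data)
    return [i for i, (incl_len, orig_len) in enumerate(records) if incl_len < orig_len]

if __name__ == "__main__":
    clipped = build_pcap(96, SAMPLE_FRAMES)            # like an old default "-s 96" capture
    full = build_pcap(SNAPLEN_UNLIMITED, SAMPLE_FRAMES)  # like "-s 0"
    print("snaplen 96 truncated records:", truncated_packets(clipped))   # [1]
    print("snaplen 0 truncated records:", truncated_packets(full))       # []
```

Run the same check over a real "host.pcap" by reading the file bytes into read_pcap; any non-empty result means the capture needs to be repeated with "-s 0".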