tcpdump
lethanhtung01011980 edited this page Mar 24, 2020 · 6 revisions
To listen on an interface
- tcpdump -i tun0
To create pcap
tcpdump -i eth0 -s 0 -w mycap.pcap port ftp or ssh
- -s 0 sets the snapshot length (bytes captured per packet) to its maximum, i.e. 65535, so packets written to the capture file are not truncated.
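To check afterwards that a capture was not cut short by a small snapshot length, compare each packet's captured length with its original length in the pcap record headers. The script below is an added example, not part of the original page; it assumes a classic pcap file (not pcapng), and `build_pcap`, `truncated_packets` and the sample packets are constructed for illustration.

```python
import struct

# pcap magic bytes as they appear on disk -> byte order of the header fields
# (microsecond and nanosecond timestamp variants)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def build_pcap(packets, snaplen):
    """Constructed sample: lay out packets the way a capture with -s <snaplen> stores them."""
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts, data in packets:
        kept = data[:snaplen]  # bytes beyond snaplen are never written
        out += struct.pack("<IIII", ts, 0, len(kept), len(data)) + kept
    return out

def truncated_packets(pcap_bytes):
    """Return (snaplen, [(index, captured_len, original_len), ...]) for cut-off packets."""
    endian = MAGICS.get(pcap_bytes[:4])
    if endian is None or len(pcap_bytes) < 24:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", pcap_bytes, 16)[0]
    offset, index, cut = 24, 0, []
    while offset + 16 <= len(pcap_bytes):
        _sec, _frac, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap_bytes, offset)
        if incl_len < orig_len:  # payload was longer on the wire than what was saved
            cut.append((index, incl_len, orig_len))
        offset += 16 + incl_len
        index += 1
    return snaplen, cut

# Constructed sample traffic: one small frame and one full-size Ethernet frame
SAMPLE_PACKETS = [(1, bytes(60)), (2, bytes(1514))]

if __name__ == "__main__":
    for snaplen in (96, 65535):
        seen_snaplen, cut = truncated_packets(build_pcap(SAMPLE_PACKETS, snaplen))
        print(f"snaplen={seen_snaplen}: {len(cut)} truncated packet(s) {cut}")
```

To run it against a real capture, pass the file contents, e.g. `truncated_packets(open("mycap.pcap", "rb").read())`.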
To read from pcap
tcpdump -r password_cracking_filtered.pcap
tcpdump -n src host victim-ip -r password_cracking_filtered.pcap
tcpdump -n dst host victim-ip -r password_cracking_filtered.pcap
tcpdump -n port 81 -r password_cracking_filtered.pcap
To read from pcap and view the content of packet
tcpdump -X -r password_cracking_filtered.pcap