Linux tcpdump and ngrep

From Ever changing code
Revision as of 00:50, 9 July 2018 by Pio2pio

Common examples of tcpdump

Usage of expressions and | or with subnets

tcpdump -qn -i any -p -e "(dst port 9443 or dst port 22 or dst port 8672) \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
tcpdump -qn -i any -p -e "dst port 22 \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
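# -q quieter output, -n no name resolution, -p do not put the interface into promiscuous mode, -e print the link-level header
# the last "net 10.34.98.128/25" has no "src" qualifier, so it matches that subnet as source or destination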
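The filters above follow one pattern: a parenthesised group of `dst port` terms and-ed with a parenthesised group of `src net` terms. The following is an added example, not part of the original page; `join_terms` and `build_filter` are hypothetical helper names, and the helper assumes every subnet should carry the `src` qualifier. It builds such an expression from two lists and rejects anything that is not a port number or a CIDR-shaped token, so no extra filter text can slip into the expression.

```bash
#!/bin/sh
# Added example: build "(dst port A or dst port B) and (src net X or src net Y)".
# join_terms and build_filter are hypothetical helpers, not tcpdump features.

# join_terms PREFIX ITEM... -> "PREFIX ITEM1 or PREFIX ITEM2 ..."
join_terms() {
    prefix=$1; shift
    out=""
    for item in "$@"; do
        out="${out:+$out or }$prefix $item"
    done
    printf '%s' "$out"
}

# build_filter "PORTS" "SUBNETS"   (both are space-separated lists)
build_filter() {
    for p in $1; do
        case $p in
            ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;;
        esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    for n in $2; do
        # Shape check only (digits, dots, one slash); tcpdump does the real
        # parsing and also rejects a network address with host bits set.
        case $n in
            *[!0-9./]*|*/*/*|*/) echo "bad subnet: $n" >&2; return 1 ;;
            *.*.*.*/*) ;;
            *) echo "bad subnet: $n" >&2; return 1 ;;
        esac
    done
    # Word splitting of $1 and $2 is intended here: they are lists.
    # The parentheses matter: "and" binds tighter than "or" in pcap filters,
    # so without them only the last port would be and-ed with the first subnet.
    printf '(%s) and (%s)\n' "$(join_terms 'dst port' $1)" "$(join_terms 'src net' $2)"
}

# Same ports and subnets as the first command on this page
filter=$(build_filter "9443 22 8672" "10.34.96.128/25 10.34.97.128/25 10.34.98.128/25")
echo "$filter"
```

The resulting string can be passed as the expression argument in place of the quoted filter, for example `tcpdump -qn -i any -p -e "$filter"`.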