Linux tcpdump and ngrep

From Ever changing code

Revision as of 10:26, 18 August 2018 by Pio2pio (talk | contribs) (Pio2pio moved page Linux tcpdump to Linux tcpdump and ngrep without leaving a redirect: ngrep takes the same/ similar arguments as tcpdump)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

Common examples of tcpdump

Usage of expressions and | or with subnets

tcpdump -qn -i any -p -e "(dst port 9443 or dst port 22 or dst port 8672) \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
tcpdump -qn -i any -p -e "dst port 22 \
  and (src net 10.34.96.128/25 or src net 10.34.97.128/25 or net 10.34.98.128/25)"
# -q less verbose, -n no-dns, -p? -e expression

Retrieved from ‘http://wiki.ciscolinux.co.uk/index.php?title=Linux_tcpdump_and_ngrep&oldid=3004’