Latest revision as of 19:08, 21 January 2025

Summary

tcpdump is a command-line packet analyzer (or packet sniffer) that allows users to capture and inspect network traffic in real time. It is commonly used for network troubleshooting, debugging, and security analysis. tcpdump works by intercepting and displaying the packets being transmitted or received over a network interface, giving users detailed information about network activity.

General

Common Tasks

Arguments

-n: Don't resolve IP addresses.
-i {interface}: Specify an interface to capture on.
-w {file}: Save output to file.
-vv: Show verbose output on screen.; (this is helpful to keep track of how many packets you've captured)
Ctrl+C: Stop the capture.

Capture all traffic on an interface

sudo tcpdump -ni ens192 -w capture.pcap

Capture all traffic involving a specific host

sudo tcpdump -ni ens192 host 10.0.0.1 -w capture.pcap

@@ Line 7: / Line 7: @@
 ==Common Tasks==
-===Remote packet-capture from Aruba Controller===
+===Arguments===
-Aruba controller sends the remote packet-capture GRE-encapsulated.
+;-n: Don't resolve IP addresses.
+;-i {interface}: Specify an interface to capture on.
+;-w {file}: Save output to file.
+;-vv: Show verbose output on screen.
+: ''(this is helpful to keep track of how many packets you've captured)''
+;Ctrl+C: Stop the capture.
-On capture server:
+===Capture all traffic on an interface===
-  sudo tcpdump -ni ens224 proto gre -w capture.pcap
+  sudo tcpdump -ni ens192 -w capture.pcap
-On Aruba controller:
+===Capture all traffic involving a specific host===
-  packet-capture destination ip-address 128.186.255.198
+  sudo tcpdump -ni ens192 host 10.0.0.1 -w capture.pcap
- packet-capture datapath ipsec
-When done, don't forget to:
- no packet-capture datapath ipsec