Tcpdump

From Dave-Wiki
Revision as of 19:02, 21 January 2025 by Dave (talk | contribs)

Summary

tcpdump is a command-line packet analyzer (or packet sniffer) that allows users to capture and inspect network traffic in real time. It is commonly used for network troubleshooting, debugging, and security analysis. tcpdump works by intercepting and displaying the packets being transmitted or received over a network interface, giving users detailed information about network activity.

General

Common Tasks

Remote packet-capture from Aruba Controller

The Aruba controller sends the mirrored packets to the capture host GRE-encapsulated: each mirrored packet arrives as the payload of an IP protocol 47 (GRE) packet addressed to the capture server, so the capture server filters on GRE rather than on the traffic being mirrored.

On capture server (ens224 is the interface facing the controller; substitute your own):

sudo tcpdump -ni ens224 proto gre -w capture.pcap

-n disables name resolution, proto gre keeps only the GRE stream from the controller, and -w writes the raw packets to a pcap file instead of printing them. tcpdump -nr capture.pcap and Wireshark both decode the GRE header and show the encapsulated packets.

On Aruba controller (128.186.255.198 is the capture server's address):

packet-capture destination ip-address 128.186.255.198
packet-capture datapath ipsec

When done, don't forget to stop the capture. While it is enabled the controller keeps copying traffic to the capture host, which loads the controller and the link and sends copies of user traffic to a machine that should only see them for the duration of the troubleshooting:

no packet-capture datapath ipsec
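The capture.pcap written above contains GRE packets whose payload is the original traffic. Wireshark and tcpdump -r decode that for you; the following added example (not part of this wiki page or of ArubaOS) shows what that decoding involves by parsing a classic pcap file and stripping the Ethernet, outer IPv4 and GRE headers in plain Python, honouring the optional checksum, key and sequence words of RFC 2784/2890. It assumes an Ethernet link type and a standard GRE header carrying IPv4 (protocol type 0x0800); the sample pcap it builds is constructed for the demonstration, and every address in it except the page's 128.186.255.198 is made up.

```python
import socket
import struct

ETHERTYPE_IPV4 = 0x0800
IPPROTO_GRE = 47
DLT_EN10MB = 1


def iter_pcap_packets(data: bytes):
    """Yield (timestamp, frame_bytes) from a classic pcap byte string (the format
    tcpdump -w writes). pcapng is not handled. Both byte orders are accepted."""
    if data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    elif data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    else:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    _major, _minor, _tz, _sig, _snap, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    if linktype != DLT_EN10MB:
        raise ValueError(f"unsupported link type {linktype}; this parser expects Ethernet")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def gre_decapsulate(frame: bytes):
    """Strip Ethernet + outer IPv4 + GRE from a frame. Returns
    (outer_src, outer_dst, gre_protocol_type, inner_payload), or None when the
    frame is not IPv4-over-GRE (the same selection as tcpdump's 'proto gre')."""
    if len(frame) < 14 + 20 + 4 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ip[9] != IPPROTO_GRE:
        return None
    outer_src, outer_dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    gre = ip[ihl:]
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:  # version field: 0 is plain GRE, 1 is PPTP's enhanced GRE, which differs
        return None
    # Optional words follow the 4-byte base header in this fixed order (RFC 2784/2890):
    # checksum+reserved1 (C bit 0x8000), key (K bit 0x2000), sequence number (S bit 0x1000).
    hdr_len = 4 + 4 * bool(flags & 0x8000) + 4 * bool(flags & 0x2000) + 4 * bool(flags & 0x1000)
    return outer_src, outer_dst, proto, gre[hdr_len:]


def summarize_gre_capture(pcap_bytes: bytes):
    """One (outer_src, outer_dst, inner_src, inner_dst, inner_ip_proto) tuple per GRE packet
    whose payload is IPv4; frames that are not GRE are skipped."""
    rows = []
    for _ts, frame in iter_pcap_packets(pcap_bytes):
        decap = gre_decapsulate(frame)
        if decap is None:
            continue
        outer_src, outer_dst, proto, inner = decap
        if proto != ETHERTYPE_IPV4 or len(inner) < 20:
            continue
        rows.append((outer_src, outer_dst,
                     socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20]), inner[9]))
    return rows


# --- Constructed sample data (not a real Aruba capture) ---------------------------------

def _ipv4(src, dst, proto, payload):
    """Minimal IPv4 header; the checksum stays zero because nothing here validates it."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload


def _ethernet(payload):
    return b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + struct.pack("!H", ETHERTYPE_IPV4) + payload


def build_sample_pcap():
    """Little-endian classic pcap with two frames: a GRE-encapsulated ICMP echo (K bit set,
    key 42) sent to the page's capture server address, and a plain UDP frame that the
    'proto gre' filter would have dropped. All other addresses are made up."""
    inner = _ipv4("10.1.1.5", "10.1.1.9", 1, b"\x08\x00\x00\x00\x00\x01\x00\x01")
    gre = struct.pack("!HHI", 0x2000, ETHERTYPE_IPV4, 42) + inner
    gre_frame = _ethernet(_ipv4("10.0.0.1", "128.186.255.198", IPPROTO_GRE, gre))
    udp_frame = _ethernet(_ipv4("10.0.0.2", "10.0.0.3", 17, b"\x00" * 8))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_EN10MB)
    for i, frame in enumerate((gre_frame, udp_frame)):
        out += struct.pack("<IIII", 1737486120 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    for row in summarize_gre_capture(build_sample_pcap()):
        print("GRE %s -> %s carries %s -> %s (ip proto %d)" % row)
```

To run it against the real file, replace build_sample_pcap() with the bytes of capture.pcap; if the controller's encapsulation differs from plain GRE-over-IPv4 (the assumption above), gre_decapsulate returns None and the frame is skipped rather than mis-parsed.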