From e08102ffc6188c60ecb71d56ec5de8e6e5f60dbd Mon Sep 17 00:00:00 2001 From: test2 Date: Tue, 12 Nov 2019 14:24:13 +0200 Subject: [PATCH] tcpdump --- sec/ex-2_iptables.adoc | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/sec/ex-2_iptables.adoc b/sec/ex-2_iptables.adoc index 3cd77b2..1e2d23a 100644 --- a/sec/ex-2_iptables.adoc +++ b/sec/ex-2_iptables.adoc @@ -108,6 +108,43 @@ tcpdump port 80 -w capture_file == Advanced +Now that we’ve seen what we can do with the basics through some examples, let’s look at some more advanced stuff. + +.More options +[source,bash] +---- + -X : Show the packet’s contents in both hex and ASCII. + -XX : Same as -X, but also shows the ethernet header. + -D : Show the list of available interfaces + -l : Line-readable output (for viewing as you save, or sending to other commands) + -q : Be less verbose (more quiet) with your output. + -t : Give human-readable timestamp output. + -tttt : Give maximally human-readable timestamp output. + -i eth0 : Listen on the eth0 interface. + -vv : Verbose output (more v’s gives more output). + -c : Only get x number of packets and then stop. + -s : Define the snaplength (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less. + -S : Print absolute sequence numbers. + -e : Get the ethernet header as well. + -q : Show less protocol information. + -E : Decrypt IPSEC traffic by providing an encryption key. +---- + + +[NOTE] +==== +It’s All About the Combinations + +Being able to do these various things individually is powerful, but the real magic of tcpdump comes from the ability to combine options in creative ways in order to isolate exactly what you’re looking for. There are three ways to do combinations, and if you’ve studied programming at all they’ll be pretty familiar to you. + +- AND + **and** or **&&** +- OR + **or** or **||** +- EXCEPT + **not** or **!** +==== +
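Review bot: The `.More options` block in this hunk lists `-q` twice ("Be less verbose (more quiet)" and "Show less protocol information"); drop one of the two entries. In the same block, `-t` is documented as "Give human-readable timestamp output", but in tcpdump `-t` suppresses the per-line timestamp entirely, and `-tttt` is the readable date/time form the next entry already describes; the `-t` description should say it omits the timestamp (which matters when captures are kept as evidence). The flag list is also inconsistent about arguments: `-i eth0` shows its parameter, but `-c` ("Only get x number of packets"), `-s` (snaplen) and `-E` (the IPsec secret) are shown bare even though each requires one; writing them as `-c <count>`, `-s <snaplen>` and `-E <spi@ipaddr algo:secret>` would match the `-i eth0` line. Finally, `[source,bash]` is a misleading highlighter for a plain option table; `[source,text]` or a definition list would render more cleanly.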