
Recipes for tcpdump


tcpdump is a great tool for protocol traffic analysis and troubleshooting. By now you probably know you need it; what you need is to know how to use it effectively. This post will be updated on an ongoing basis.

Have a look here http://dmiessler.com/study/tcpdump_recipes/. You'll find some great tips on tcpdump and other *nix topics.

  1. man tcpdump
  2. tcpdump -AvvvSs 1500 -i eth0 host 10.10.10.1
    This enables packet tracing on the local eth0 interface for traffic to and from host 10.10.10.1. I was using this to analyze Set-Cookie headers in HTTP traffic. Read the man page for further information on options. I used 1500 for the snaplen because that was all the data I needed. If you want the whole packet, specify 0.
  3. tcpdump -AvvvSs 1500 -i any dst port 7143
    Capture IMAP traffic going to a reverse-proxied Zimbra mailbox server. Note the use of -i any: this is how you capture traffic that is going across all interfaces.
  4. tcpdump -AvvvSs 1500 -i any dst host 127.0.0.1 and dst port 25
    Useful if you are watching packets from a local program that sends mail to the local Sendmail server. The filter uses "and" rather than an unquoted "&&": the shell would treat "&&" as a command separator and tcpdump would never see the second condition.
  5. tcpdump -i en1 -nnvvXSs 1514 host 192.168.5.9 and port 389
    Dump packets crossing en1 to or from 192.168.5.9 on port 389 (LDAP), with hex and ASCII output (-X) and no name or port resolution (-nn).
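Recipe 2 above mentions using the -A ASCII dump to analyze Set-Cookie headers. The script below is an added example, not part of the original post: it scans saved tcpdump -A output for Set-Cookie headers and reports cookies that lack the Secure or HttpOnly attributes. The embedded capture text, hosts and cookie values are constructed, and the function names are my own.

```python
import re
import sys

# Constructed sample of `tcpdump -A` output (not a real capture): one HTTP
# response from 10.10.10.1 carrying two Set-Cookie headers. tcpdump -A prints
# non-printable bytes as '.', so each header's trailing CR shows up as a dot.
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 10.10.10.1.80 > 10.10.10.2.51234: Flags [P.], seq 1:201, ack 1, win 502, length 200: HTTP: HTTP/1.1 200 OK
E..P..@.@.............P..HTTP/1.1 200 OK.
Content-Type: text/html.
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax.
Set-Cookie: tracking=xyz; Path=/.
Content-Length: 0.
.
"""

# Attributes every cookie should carry (compared case-insensitively).
REQUIRED_FLAGS = ("secure", "httponly")

def parse_set_cookies(capture_text):
    """Return [(cookie_name, {attribute names})] for every Set-Cookie header
    found in the ASCII payloads printed by tcpdump -A."""
    cookies = []
    for line in capture_text.splitlines():
        m = re.match(r"\s*Set-Cookie:\s*(.*)", line, re.IGNORECASE)
        if not m:
            continue
        value = m.group(1).rstrip()
        # Drop the '.' that tcpdump -A substitutes for the header's trailing CR.
        if value.endswith("."):
            value = value[:-1]
        parts = [p.strip() for p in value.split(";") if p.strip()]
        if not parts:
            continue
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        cookies.append((name, attrs))
    return cookies

def missing_flags(capture_text):
    """Map cookie name -> sorted list of required attributes it lacks."""
    result = {}
    for name, attrs in parse_set_cookies(capture_text):
        lacking = sorted(f for f in REQUIRED_FLAGS if f not in attrs)
        if lacking:
            result[name] = lacking
    return result

if __name__ == "__main__":
    # Pass a file saved with `tcpdump -A ... > capture.txt`, or use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    for name, lacking in missing_flags(text).items():
        print(f"cookie {name!r} lacks: {', '.join(lacking)}")
```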