Thursday, June 25, 2015

My tcpdump cookbook - favourite examples

Use the tcpdump command on linux to monitor network traffic. Here are some of my favourite recipies for tcpdump success.  My little cookbook shows typical TCPDump tasks.

0) Monitor Web Traffic

1) Monitor web service traffic on an apache server. given that your server has an eth0 network port. If your web client device is at 192.168.99.10, this following command will monitor all traffic from that device that enter eth0 on port 80.

tcpdump -i eth0 -vvv tcp port 80 and src 192.168.99.10

Options:  -vvv       Verbose dump of network headers
                -i           network interface selector
                -A         Display all cleartext packet details. (optional)


1)Dump SIP Traffic from eth0

Example: Troubleshooting SIP network traffic on an Asterisk server, dump udp port 5060

sudo tcpdump -i eth0 -vvv udp port 5060 and dst 68.4.XX.YY

Example: Dump SIP traffic to a file, then print the file out
tcpdump -i eth0 -vvv udp port 5060 and dst 68.4.XX.YY -w dump.pcap
tcpdump -xx -n -r dump.pcap | more

2)Dump and Print UDP port 29110

## capture packets
sudo dumpcap -i eth2 -w dumper.pcap -f "udp port 29110"
sudo tcpdump -xx -n -r dumper.pcap  | more

3)Printing Captured Packets

use the -A option to print the ascii text transaction in the dump.cap file
tcpdump -A -n -r dump.pcap | more

4)Dump UDP by source address

tcpdump -vvv -i eth0 udp and src 68.4.XX.XX



No comments:

Post a Comment