tcpdump http traffic

tcpdump -s 0 -i eth0 dst or src host mydomain.com and port 80 # -s 0: capture full packets, not truncated ones
tcpdump -A -s 0 -i eth0 dst or src host mydomain.com and port 80 # -A: also print each packet's payload as ASCII
other commands
tcpdump src 192.168.11.200
tcpdump src 192.168.11.200 and port tftp
tcpdump -n dst 192.168.11.1 and udp
tcpdump -n dst 192.168.0.1 or dst 192.168.0.10 and udp # -n: display numeric IPs instead of hostnames
tcpdump -nn dst 192.168.0.1 or dst 192.168.0.10 and udp # -nn: display both IPs and ports as numbers
tcpdump -nn ip multicast and not broadcast
See also: http://www.rationallyparanoid.com/articles/tcpdump.html
