Using tcpdump to capture traffic

I like tshark (command-line Wireshark), but some of our servers don’t have it installed and won’t have it installed. So I’m re-learning tcpdump!

List data from a specific source IP

tcpdump src 10.1.2.3

List data sent to a specific port

tcpdump dst port 5048

List data sent from an entire subnet

tcpdump src net 10.1.2.0/26

Add -X (hex and ASCII) or -A (ASCII only) to print the contents of each packet instead of just the one-line summary.
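
The filters above can be joined with `and`, and the capture written to a file so it can be read back later with tcpdump, or with tshark on a machine that has it. The script below is an added example, not from the original post; the function names, the interface `eth0` and the path `/tmp/cap.pcap` are assumptions.

```shell
#!/bin/sh
# Added example: build one filter from the page's three primitives, validating
# each value so a malformed argument cannot silently widen the capture.

# is_chars VALUE ALLOWED: succeed if VALUE is non-empty and uses only ALLOWED chars.
is_chars() {
    case $1 in
        ''|*[!$2]*) return 1 ;;
    esac
}

# build_filter SRC_HOST DST_PORT SRC_NET
# Pass "" to skip a primitive. Prints the expression; returns 1 on bad input.
build_filter() {
    filter=""
    if [ -n "$1" ]; then
        is_chars "$1" '0-9.' || { echo "bad source host: $1" >&2; return 1; }
        filter="src host $1"
    fi
    if [ -n "$2" ]; then
        is_chars "$2" '0-9' && [ "$2" -ge 1 ] && [ "$2" -le 65535 ] ||
            { echo "bad port: $2" >&2; return 1; }
        filter="${filter:+$filter and }dst port $2"
    fi
    if [ -n "$3" ]; then
        is_chars "$3" '0-9./' || { echo "bad subnet: $3" >&2; return 1; }
        filter="${filter:+$filter and }src net $3"
    fi
    printf '%s\n' "$filter"
}

# capture_to_file IFACE COUNT OUTFILE FILTER   (needs root or CAP_NET_RAW)
capture_to_file() {
    # -n: no name lookups; -c: stop after COUNT packets; -w: write raw packets
    tcpdump -n -i "$1" -c "$2" -w "$3" "$4"
}

# Usage (assumed interface and path):
#   f=$(build_filter 10.1.2.3 5048 "") && capture_to_file eth0 1000 /tmp/cap.pcap "$f"
# Read the file back with packet contents:
#   tcpdump -n -X -r /tmp/cap.pcap
```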
