How to use TCPDump to capture a specific port's data
Posted: Mon Feb 13, 2012 12:03 pm
tcpdump captures the packets seen on a network interface and either prints a summary of each packet to the screen or writes the raw packets to a file.
The standard usage just prints a one-line summary per packet: timestamp, protocol, source and destination address and port.
This prints that summary for every packet on interface eth0; -n stops tcpdump from doing reverse DNS lookups on the IPs (which is slower and itself generates traffic):
tcpdump -n -i eth0
If you are logged in over SSH through that same interface, your own session will flood the output. Exclude it with a rule like this, where 192.168.0.10 is the address you are connecting from:
tcpdump -n -i eth0 not host 192.168.0.10 and not port 22
Note that this rule drops every packet involving 192.168.0.10 and every packet on port 22 from any host, not only your session; if you only want to hide the session itself, use not (host 192.168.0.10 and port 22) instead.
or you can explicitly state the port that you want to capture information for:
tcpdump -n -i eth0 port 25
port 25 matches both TCP and UDP and both directions; use tcp port 25, or dst port 25 / src port 25, to narrow it down.
To capture the entire packet and its content rather than just a summary, you need to add the following to the command line:
-s 0 -w testfile.pcap
-s 0 sets the snapshot length to the full packet (older versions only captured the first 68 bytes by default; recent versions already default to a full-size snaplen, so the option is harmless but unnecessary there), and -w writes the raw packets to the file instead of printing anything to the screen.
So it should look like this:
tcpdump -n -i eth0 -s 0 -w testfile.pcap port 25
The resulting file can be viewed with Wireshark, or read back with tcpdump -n -r testfile.pcap.
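Below is an added example that is not part of the original post. It wraps the procedure above in a small script: it builds the BPF filter so that only the admin's own SSH session is excluded (not all traffic to or from that host), writes full-size packets for one TCP port to rotating pcap files, drops root privileges after the interface is opened, and reads the finished file back with tcpdump for a quick sanity check. The interface eth0, port 25, admin host 192.168.0.10, the unprivileged user "pcap" and the output directory are placeholders to change for your host.

```shell
#!/bin/sh
# Added example, not the original post's code. Placeholders (assumptions):
# interface eth0, target TCP port 25, admin host 192.168.0.10, an existing
# unprivileged account named "pcap" for -Z, and an output directory.

# Build the BPF filter. The post's rule "not host A and not port 22" drops
# every packet involving A and every port-22 packet from anyone; wrapping
# the exclusion in parentheses narrows it to the single SSH session.
build_filter() {
    port="$1"
    admin_host="$2"
    admin_port="${3:-22}"
    printf 'tcp port %s and not (host %s and tcp port %s)' \
        "$port" "$admin_host" "$admin_port"
}

# Start the capture. -n: no DNS lookups; -s 0: full packets; -U: write each
# packet as it arrives (so a partial file is readable if tcpdump is killed);
# -G 3600 -W 24: rotate hourly, keep 24 files (the -w name is a strftime
# pattern); -Z pcap: drop root after the interface is opened. Starting it
# still needs root or CAP_NET_RAW.
capture() {
    iface="$1"
    port="$2"
    admin_host="$3"
    outdir="${4:-.}"
    filter=$(build_filter "$port" "$admin_host")
    tcpdump -n -i "$iface" -s 0 -U \
        -G 3600 -W 24 -Z pcap \
        -w "$outdir/port${port}-%Y%m%d-%H%M%S.pcap" \
        "$filter"
}

# Sanity-check a finished file without Wireshark: packet count, then the
# first five packets as one-line summaries.
summarize() {
    file="$1"
    echo "packets: $(tcpdump -n -r "$file" 2>/dev/null | wc -l)"
    tcpdump -n -r "$file" -c 5
}

# Run only when invoked with arguments, e.g.:
#   ./capture-port.sh eth0 25 192.168.0.10 /var/tmp/pcaps
if [ "$#" -ge 3 ]; then
    capture "$@"
fi
```

Before starting a long capture, tcpdump -d 'tcp port 25 and not (host 192.168.0.10 and tcp port 22)' compiles the expression and prints the resulting BPF program without capturing anything (it still needs permission to open the interface), which is the cheapest way to catch a precedence mistake in the filter.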