Reading from file enp0s3-26082018.pcap, link-type EN10MB (Ethernet) Reading the packets with human readable timestamp, ~]# tcpdump -tttt -r enp0s3-26082018.pcap In the above example we have saved the captured packets to a file, we can read those packets from the file using the option ‘ -r‘, example is shown below, ~]# tcpdump -r enp0s3-26082018.pcap Tcpdump: listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytesĬapturing and Saving the packets whose size greater than N bytes ~]# tcpdump -w enp0s3-26082018-2.pcap greater 1024Ĭapturing and Saving the packets whose size less than N bytes ~]# tcpdump -w enp0s3-26082018-3.pcap less 1024 Example:6) Reading packets from the saved file ( -r option) Let’s assume i want to save the captured packets of interface “ enp0s3” to a file name enp0s3-26082018.pcap ~]# tcpdump -w enp0s3-26082018.pcap -i enp0s3Ībove command will generate the output something like below, ~]# tcpdump -w enp0s3-26082018.pcap -i enp0s3 Let’s assume we want to capture 12 packets from the specific interface like “enp0s3”, this can be easily achieved using the options “ -c Output would be something like below, tcpdump: verbose output suppressed, use -v or -vv for full protocol decode Let’s assume, i want to capture packets from interface “enp0s3” ~]# tcpdump -i enp0s3 When we run the tcpdump command without any options, it will capture packets on the all interfaces, so to capture the packets from a specific interface use the option ‘ -i‘ followed by the interface name.
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |