TCP Dump

TCPDump is a network packet analyzer tool that uses the libpcap API. It is available for Unix-like systems and Windows (via WinDump). TCPDump allows filtering packets based on host addresses, ports, and TCP flags. Filters can be combined using Boolean operators like "and" to filter for specific criteria.
TCPDump

Prof. Nelson Fonseca


TCPDump

• Sniffer: traffic analyzer
• Based on the libpcap API
• Available for Unix-like systems; WinDump is the Windows port
• Another sniffer: Wireshark

[Figure: host schematic. Protocol layers application, transport, network, link and physical on the host; CPU and memory on the host bus; a controller (e.g., PCI) driving the network adapter card; physical link and transmission.]
Filters

Capturing requires root (or CAP_NET_RAW). In practice add -n to suppress reverse DNS lookups and -i <interface> to choose the interface to listen on.

• Filtering on a host address
  To view all packets traveling to or from a specific IP address: tcpdump host <IP address>
  For example: tcpdump host 10.90.100.1
  To view all packets traveling from a specific IP address: tcpdump src host <IP address>
  For example: tcpdump src host 10.90.100.1
  To view all packets traveling to a specific IP address: tcpdump dst host <IP address>
  For example: tcpdump dst host 10.90.100.1

• Filtering on a port
  To view all packets either sourced from or destined to a specific port: tcpdump port <port number>
  For example: tcpdump port 80
  To view all packets sourced from a specific port: tcpdump src port <port number>
  For example: tcpdump src port 80
  To view all packets destined to a specific port: tcpdump dst port <port number>
  For example: tcpdump dst port 80

• Filtering on a TCP flag
  To view all packets that have the SYN flag set: tcpdump 'tcp[tcpflags] & (tcp-syn) != 0'
  To view all packets that have the RST flag set: tcpdump 'tcp[tcpflags] & (tcp-rst) != 0'
  The expression must be quoted so the shell does not interpret the brackets and the &. Note that "& (tcp-syn) != 0" matches every packet with SYN set, including the SYN-ACK replies; to see only the initial SYN of each connection, test both bits: tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
Combining Expressions

• Combining filters with the 'and' operator
  The and operator restricts the output to packets that satisfy every primitive in the expression (or, not and parentheses are also accepted by the filter language):
  tcpdump host 10.90.100.1 and port 80
  tcpdump src host 172.16.101.20 and dst port 80
  tcpdump src host 172.16.101.20 and dst host 10.90.100.1
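The following is an added example, not part of Prof. Fonseca's slides and not tcpdump's own code: a miniature Python evaluator for the filter primitives shown in the Filters and Combining Expressions sections (host / src host / dst host, port / src port / dst port, the tcp[tcpflags] bitmask tests, and combination with and). It runs each expression over a handful of constructed packets (the addresses, ports and flag values are made up) so you can see exactly which packets an expression admits, including why "& (tcp-syn) != 0" also passes SYN-ACK replies.

```python
"""Mini evaluator for a subset of the tcpdump/pcap-filter expression language.

Added illustration only; it is not libpcap's compiler. Packets are dicts,
not real captures, and only the primitives used on the page are supported.
"""
import re

# tcpdump's symbolic TCP flag names and their bit values (see pcap-filter(7)).
TCP_FLAGS = {"tcp-fin": 0x01, "tcp-syn": 0x02, "tcp-rst": 0x04,
             "tcp-push": 0x08, "tcp-ack": 0x10, "tcp-urg": 0x20}

# Constructed sample packets (hypothetical, not captured traffic).
PACKETS = [
    {"id": 1, "src": "172.16.101.20", "dst": "10.90.100.1", "sport": 51000, "dport": 80, "flags": 0x02},   # SYN
    {"id": 2, "src": "10.90.100.1", "dst": "172.16.101.20", "sport": 80, "dport": 51000, "flags": 0x12},   # SYN-ACK
    {"id": 3, "src": "172.16.101.20", "dst": "10.90.100.1", "sport": 51000, "dport": 80, "flags": 0x18},   # PSH-ACK
    {"id": 4, "src": "10.90.100.1", "dst": "172.16.101.20", "sport": 80, "dport": 51000, "flags": 0x04},   # RST
    {"id": 5, "src": "192.0.2.7", "dst": "10.90.100.1", "sport": 44000, "dport": 443, "flags": 0x02},     # SYN to 443
]


def flag_mask(expr):
    """'(tcp-syn|tcp-ack)' -> 0x12; numeric literals such as 0 or 0x12 are accepted too."""
    mask = 0
    for tok in expr.replace("(", "").replace(")", "").split("|"):
        tok = tok.strip()
        mask |= TCP_FLAGS[tok] if tok in TCP_FLAGS else int(tok, 0)
    return mask


# tcp[tcpflags] & <mask> (!=|==) <value>
FLAG_RE = re.compile(r"tcp\[tcpflags\]\s*&\s*(\([^)]*\)|[\w|-]+)\s*(!=|==)\s*(.+)")


def match_primitive(prim, pkt):
    """Evaluate a single primitive (no 'and' inside it) against one packet."""
    prim = prim.strip()
    m = FLAG_RE.fullmatch(prim)
    if m:
        mask, op, rhs = flag_mask(m.group(1)), m.group(2), flag_mask(m.group(3))
        masked = pkt["flags"] & mask
        return masked != rhs if op == "!=" else masked == rhs
    parts = prim.split()
    direction = parts.pop(0) if parts[0] in ("src", "dst") else None
    kind, value = parts[0], parts[1]
    if kind == "host":
        # plain 'host' matches either direction; 'src'/'dst' narrow it to one field
        fields = {"src": ["src"], "dst": ["dst"], None: ["src", "dst"]}[direction]
        return any(pkt[f] == value for f in fields)
    if kind == "port":
        fields = {"src": ["sport"], "dst": ["dport"], None: ["sport", "dport"]}[direction]
        return any(pkt[f] == int(value) for f in fields)
    raise ValueError(f"unsupported primitive: {prim!r}")


def matches(expr, pkt):
    """'A and B and C' passes only when every primitive passes."""
    return all(match_primitive(p, pkt) for p in re.split(r"\s+and\s+", expr))


def select(expr, packets=PACKETS):
    """Return the ids of the packets that the filter expression would pass."""
    return [p["id"] for p in packets if matches(expr, p)]


if __name__ == "__main__":
    for expr in ["host 10.90.100.1", "src host 10.90.100.1", "dst port 80",
                 "tcp[tcpflags] & (tcp-syn) != 0",
                 "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn",
                 "host 10.90.100.1 and port 80",
                 "src host 172.16.101.20 and dst port 80"]:
        print(f"{expr:48} -> packets {select(expr)}")
```

Compare the two SYN expressions in the output: the "!= 0" form admits the SYN-ACK (packet 2) as well as the two initial SYNs, while masking both the SYN and ACK bits and requiring the result to equal tcp-syn admits only the connection attempts.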
