To filter by IP address:
$ sudo tcpdump host x.x.x.x
To filter by interface:
$ sudo tcpdump -i eth0
To filter by source:
$ sudo tcpdump src x.x.x.x
To filter by destination:
$ sudo tcpdump dst x.x.x.x
To filter by protocol:
$ sudo tcpdump icmp
[root@server ~]# tcpdump -i enp0s8 -c100 -nn -w output_file
tcpdump: listening on enp0s8, link-type EN10MB (Ethernet), capture size 262144 bytes
100 packets captured
102 packets received by filter
0 packets dropped by kernel
.pcap dosya okuma
tcpdump -r output_file
tcpdump -nnSX port 443
04:45:40.573686 IP 78.149.209.110.27782 > 172.30.0.144.443: Flags [.], ack 278239097, win 28, options [nop,nop,TS val 939752277 ecr 1208058112], length 0 0x0000: 4500 0034 0014 0000 2e06 c005 4e8e d16e E..4........N..n 0x0010: ac1e 0090 6c86 01bb 8e0a b73e 1095 9779 ....l......>...y 0x0020: 8010 001c d202 0000 0101 080a 3803 7b55 ............8.{U 0x0030: 4801 8100
tcpdump port 3389 tcpdump src port 1025
No responses yet