## Wednesday, June 16, 2010

### tcpdump command notes

To dump the leading packet data and the IP/TCP headers going in and out of the box (i.e. if you suspect the box was hacked and is transmitting data):

```sh
sudo tcpdump -Xx
```


If you track it to a URL, you can filter it down further with commands like this (the tcpdump man page has many good filter examples):

```sh
sudo tcpdump dst host www.google.com
```


Here are the wiki entries with the packet definitions:
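The hex dump that `tcpdump -xx` prints is only useful once you can read the IP/TCP header fields out of it, which is what the packet definitions above describe. The following Python script is an added example, not code from the original post: it parses the `0x0000:`-prefixed hex lines of `-x`/`-xx` output back into bytes and decodes the Ethernet, IPv4 and TCP headers using the standard header layouts (14-byte Ethernet header, 20-byte IPv4 header with IHL, 20-byte TCP header plus options). The capture text inside it is constructed for the example, not a real capture, and the function names are my own.

```python
import re
import struct

# Constructed sample of `tcpdump -xx` output (NOT a real capture): one TCP SYN
# from 192.168.1.10:50000 to 8.8.8.8:443, with the Ethernet header included.
SAMPLE_DUMP = """\
12:00:00.000000 IP 192.168.1.10.50000 > 8.8.8.8.443: Flags [S], seq 1, win 65535, length 0
\t0x0000:  0011 2233 4455 6677 8899 aabb 0800 4500
\t0x0010:  0034 1234 4000 4006 0000 c0a8 010a 0808
\t0x0020:  0808 c350 01bb 0000 0001 0000 0000 8002
\t0x0030:  ffff 0000 0000 0204 05b4 0103 0303 0101
\t0x0040:  0402
"""

# Matches the hex column of a tcpdump -x/-xx line; with -X the ASCII column
# follows after two spaces and is ignored by this pattern.
HEX_LINE = re.compile(r"^\s*0x[0-9a-fA-F]+:\s+((?:[0-9a-fA-F]{4} )*[0-9a-fA-F]{2,4})")

# TCP flag bits in the low byte of the data-offset/flags word.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"),
             (0x10, "ACK"), (0x20, "URG"), (0x40, "ECE"), (0x80, "CWR")]


def parse_hexdump(text: str) -> bytes:
    """Collect the hex bytes of one packet from tcpdump -x/-xx output lines."""
    data = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:
            data += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(data)


def decode_frame(frame: bytes) -> dict:
    """Decode Ethernet + IPv4 + TCP headers from the raw bytes of a -xx dump."""
    if len(frame) < 34:
        raise ValueError("frame too short for Ethernet + IPv4 headers")
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:          # only IPv4 is handled here
        return {"ethertype": ethertype}
    ip = frame[14:]
    (ver_ihl, _tos, total_len, ident, flags_frag,
     ttl, proto, _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", ip[:20])
    ihl = (ver_ihl & 0x0F) * 4       # IP header length in bytes (options included)
    info = {
        "ethertype": ethertype,
        "ip_version": ver_ihl >> 4,
        "src": ".".join(str(b) for b in src),
        "dst": ".".join(str(b) for b in dst),
        "ttl": ttl,
        "proto": proto,
        "ip_id": ident,
        "dont_fragment": bool(flags_frag & 0x4000),
        "ip_total_len": total_len,
    }
    if proto != 6:                   # not TCP: stop at the IP layer
        return info
    tcp = ip[ihl:total_len]
    if len(tcp) < 20:
        raise ValueError("truncated TCP header (increase snaplen with -s)")
    (sport, dport, seq, ack, off_flags,
     win, _tcsum, _urg) = struct.unpack("!HHIIHHHH", tcp[:20])
    data_off = (off_flags >> 12) * 4  # TCP header length in bytes
    flag_bits = off_flags & 0x01FF
    info.update({
        "sport": sport,
        "dport": dport,
        "seq": seq,
        "ack": ack,
        "flags": [name for bit, name in TCP_FLAGS if flag_bits & bit],
        "window": win,
        "tcp_options_len": data_off - 20,
        "payload_len": len(tcp) - data_off,
    })
    return info


def summarize(info: dict) -> str:
    """One-line summary in the spirit of tcpdump's own header line."""
    return (f"{info['src']}:{info['sport']} -> {info['dst']}:{info['dport']} "
            f"[{','.join(info['flags'])}] ttl={info['ttl']} "
            f"payload={info['payload_len']}B")


if __name__ == "__main__":
    print(summarize(decode_frame(parse_hexdump(SAMPLE_DUMP))))
```

When reviewing a real dump, compare the decoded source/destination and payload length with what the host is supposed to be doing; an unexpected destination with a non-zero payload is the kind of thing the note above is looking for, and `-s 0` (or a larger snaplen) is needed if the hex lines stop before the payload.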