Wednesday, June 16, 2010

tcpdump command notes

To dump the packet data (hex and ASCII) together with the IP/TCP headers for all traffic in and out of the box (e.g. if you suspect the box was hacked and is transmitting data out):

sudo tcpdump -Xx

If you trace the traffic to a particular host, you can narrow the capture with a filter expression like this (the tcpdump man page has many good filter examples):
sudo tcpdump dst host <suspect-address>

Here are the wiki entries with the packet definitions:
IP header
TCP header
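To make sense of the hex that -x/-X prints, it helps to decode it by hand against the IP and TCP header layouts above. The following is an added example, not part of the original post: it takes a constructed tcpdump -x style dump of one TCP segment (the sample packet, addresses and payload are made up), reassembles the bytes, verifies the IP header checksum and decodes the IPv4 and TCP fields down to the payload.

```python
import re
import struct

# Constructed sample of `tcpdump -x` output for one TCP segment. The hex starts at the
# IP header because tcpdump -x omits the link-layer header. Addresses and payload are invented.
SAMPLE = """\
12:00:00.000000 IP 10.0.0.5.443 > 192.168.1.10.51234: Flags [P.], seq 1:13, ack 1, win 512, length 12
\t0x0000:  4500 0034 0001 0000 4006 af0c 0a00 0005
\t0x0010:  c0a8 010a 01bb c822 0000 0001 0000 0001
\t0x0020:  5018 0200 0000 0000 6865 6c6c 6f20 776f
\t0x0030:  726c 6421
"""

OFFSET_LINE = re.compile(r"^\s*0x[0-9a-fA-F]{4}:\s")

def hex_dump_to_bytes(dump: str) -> bytes:
    """Collect the hex words from the 0xNNNN: lines of one packet (works for -x and -X output)."""
    words = []
    for line in dump.splitlines():
        if not OFFSET_LINE.match(line):
            continue
        rest = line.split(":", 1)[1].strip()
        hex_part = re.split(r"\s{2,}", rest)[0]   # -X appends an ASCII column after 2+ spaces
        words.extend(hex_part.split())
    return bytes.fromhex("".join(words))

def ip_checksum(header: bytes) -> int:
    """One's-complement sum over the IP header (RFC 791); returns 0 when the stored checksum is valid."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def parse_ip_tcp(pkt: bytes) -> dict:
    """Decode the IPv4 header and, for protocol 6, the TCP header; return fields plus the payload."""
    ver_ihl, tos, total_len, ident, frag, ttl, proto, csum = struct.unpack("!BBHHHBBH", pkt[:12])
    ihl = (ver_ihl & 0x0F) * 4            # header length in bytes (5 words = 20 bytes, no options)
    info = {
        "version": ver_ihl >> 4, "ihl": ihl, "total_len": total_len, "ttl": ttl, "proto": proto,
        "src": ".".join(map(str, pkt[12:16])), "dst": ".".join(map(str, pkt[16:20])),
        "ip_checksum_ok": ip_checksum(pkt[:ihl]) == 0,
    }
    if proto == 6:  # TCP
        sport, dport, seq, ack, off_flags, win = struct.unpack("!HHIIHH", pkt[ihl:ihl + 16])
        doff = (off_flags >> 12) * 4      # data offset: TCP header length in bytes
        info.update(sport=sport, dport=dport, seq=seq, ack=ack, flags=off_flags & 0x1FF,
                    window=win, payload=pkt[ihl + doff:total_len])
    return info
```

Flag bits follow the TCP header layout: 0x18 is PSH|ACK, matching the "[P.]" tcpdump printed on the summary line.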
