The Coding Slim Jim: tcpdump command notes

Wednesday, June 16, 2010

To dump all the lead packet data and ip/tcp headers in/out of the box (ie if suspect the box was hacked and is transmitting data..)

sudo tcpdump -Xx

If you track it to a url then you can filter it out a bit better with commands like this.. (the tcpdump man has many good filter examples.)

sudo tcpdump dst host www.google.com

here are the wiki entries with the packet defination
IP header
Tcp header

The Coding Slim Jim