TCP Dump


Wireshark is my preferred method of capturing files, but it does take more resources (CPU and memory) than a command-line-based tool like tcpdump. It would be best to look at the manpage for all the options, but I will give you the example below that I use on a regular basis, which will continuously create 20Mb files, and once 1000 files get created it will begin overwriting files.


# -C takes the file size in millions of bytes, so 20 means 20,000,000 bytes per file; -W 1000 caps the ring at 1000 files before it wraps
sudo tcpdump -i eth0 -nnvv -w /home/hosangit/captures/ustrocapture.log -W 1000 -C 20

Now that you have all these files, here are a few tools you can use to analyze the data:

I will include examples with each of these as I put them together with some screen shots.
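Once a -C/-W ring buffer wraps, the number tcpdump appends to each file no longer tells you which file holds the oldest traffic. The added Python below (not from the original post) reads the pcap global header and first record of each rotated file and orders them by first-packet time; it assumes files named like capture.pcap000 in one directory, and the sample ring it writes is constructed, not a real capture.

```python
"""Order tcpdump ring-buffer files (-C/-W) chronologically.

Added example, not from the original post. With -W the file counter wraps,
so capture.pcap000 may hold newer traffic than capture.pcap999. Ordering by
each file's first packet timestamp (from the pcap header) is reliable;
ordering by name is not. Sample files below are constructed, not real captures.
"""
import struct
from pathlib import Path

# pcap magic -> (struct endianness, unit of the timestamp fraction field)
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1e-6), b"\xa1\xb2\xc3\xd4": (">", 1e-6),
    b"\x4d\x3c\xb2\xa1": ("<", 1e-9), b"\xa1\xb2\x3c\x4d": (">", 1e-9),
}

def first_packet_time(path):
    """Return (linktype, first packet time) or None if the file is not pcap."""
    with open(path, "rb") as f:
        hdr = f.read(24)  # global header: magic, ver, zone, sigfigs, snaplen, linktype
        if len(hdr) < 24 or hdr[:4] not in MAGICS:
            return None
        endian, unit = MAGICS[hdr[:4]]
        linktype = struct.unpack(endian + "I", hdr[20:24])[0]
        rec = f.read(16)  # record header: ts_sec, ts_frac, incl_len, orig_len
        if len(rec) < 16:
            return linktype, None  # header only: tcpdump has just opened this file
        ts_sec, ts_frac = struct.unpack(endian + "II", rec[:8])
        return linktype, ts_sec + ts_frac * unit

def ring_order(directory, prefix="capture.pcap"):
    """Names of the pcap files under prefix, oldest first; empty files go last."""
    found = []
    for p in Path(directory).glob(prefix + "*"):
        info = first_packet_time(p)
        if info is not None:  # skips non-pcap files such as notes left in the directory
            found.append((info[1] if info[1] is not None else float("inf"), p.name))
    return [name for _, name in sorted(found)]

def make_sample_ring(directory):
    """Write constructed little-endian pcap files that mimic a wrapped -W ring."""
    # (zero-padded suffix, first packet epoch seconds): file 000 was overwritten last
    for suffix, ts in (("000", 1700003000), ("001", 1700001000), ("002", 1700002000)):
        data = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
        data += struct.pack("<IIII", ts, 0, 4, 4) + b"\x00" * 4  # one dummy 4-byte packet
        Path(directory, "capture.pcap" + suffix).write_bytes(data)
    Path(directory, "capture.pcap003").write_bytes(data[:24])  # header only, no packets yet
```

Point ring_order at the capture directory with the -w base name as prefix to get the files in the order tcpdump actually filled them.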
