Date Posted: 23:35:25 03/04/07 Sun
Author: Anandan.V.S.
Subject: tcpdump - Options I
In reply to: Anandan 's message, "Packet Capture" on 22:18:04 03/04/07 Sun

A number of command line options are available with tcpdump. Roughly speaking, options can be separated into four broad categories: commands that control the program operations (excluding filtering), commands that control how data is displayed, and filtering commands.

I. Controlling program behavior
-------------------------------
This class of options affects program behavior, including the way data is collected.
-w to write the captured data in binary format.
-r to replay the binary in text format.

$tcpdump -w rawfile
$tcpdump -r rawfile > textfile
-c option to specify the maximum number of packets to be captured.
$tcpdump -c100
-i option to specify which interface to use when the host has more than one network interface. Use the command 'ifconfig -a' to discover what interfaces are available and what networks they correspond to if you aren't sure.
For example, suppose you are using a computer with two class C interfaces, xl0 with an IP address of 205.153.63.238 and xl1 with an IP address of 205.153.61.178. Then to capture traffic on the 205.153.61.0 network, you would use the command:
$tcpdump -i xl1

Without an explicitly identified interface, tcpdump defaults to the lowest numbered interface.
-p option says that the interface should not be put into promiscuous mode. This option would, in theory, limit capture to the normal traffic on the interface: traffic to or from the host, multicast traffic, and broadcast traffic. In practice, the interface might be in promiscuous mode for some other reason. In this event, -p will not turn promiscuous mode off.

-s option controls the amount of data captured. Normally, tcpdump defaults to some maximum byte count and will only capture up to that number of bytes from individual packets. By limiting the number of bytes collected, privacy can be improved. Limiting the number of bytes collected also decreases processing and buffering requirements.

The following command will collect the entire packet if its length is less than or equal to 200 bytes:
$tcpdump -s200
Longer packets will be truncated to 200 bytes.

If you're capturing files using the -w option, you should be aware that the number of bytes collected will be what is specified by the -s option at the time of capture. The -s option does not apply to files read back with the -r option. Whatever you captured is what you have. If it was too few bytes, then you will have to recapture the data.

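The point about -s and -w above (the snaplen is baked into the file at capture time, and -r cannot recover bytes that were never written) can be checked directly in a saved capture. The following is an added example, not code from the post: it parses the classic pcap global header to read the stored snaplen and link type, then walks the per-packet records comparing the captured length against the original wire length to list which packets were truncated. The sample bytes are constructed inline (snaplen 200, one full 60-byte frame and one 1514-byte frame cut to 200 bytes) and are not from a real capture.

```python
import struct

def _record(ts_sec, caplen, origlen):
    # Constructed pcap record: 16-byte header (ts_sec, ts_usec, caplen, origlen) + payload.
    return struct.pack("<IIII", ts_sec, 0, caplen, origlen) + b"\x00" * caplen

# Constructed little-endian pcap file: global header with snaplen=200 and
# link type 1 (Ethernet), followed by two records.
SAMPLE_PCAP = (
    struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 200, 1)
    + _record(1173000000, 60, 60)      # fully captured frame
    + _record(1173000001, 200, 1514)   # frame cut to the snaplen
)

def parse_pcap(data):
    """Return (snaplen, linktype, records); records is a list of (caplen, origlen)."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic == 0xA1B2C3D4:
        end = "<"          # file written on a little-endian host
    elif magic == 0xD4C3B2A1:
        end = ">"          # file written on a big-endian host
    else:
        raise ValueError("not a classic pcap file (unknown magic)")
    _magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])
    records = []
    off = 24
    while off + 16 <= len(data):
        _ts, _us, caplen, origlen = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            raise ValueError("record at offset %d runs past end of file" % (off - 16))
        records.append((caplen, origlen))
        off += caplen
    return snaplen, linktype, records

def truncation_report(data):
    """Summarise how much of the capture is usable before analysing it."""
    snaplen, linktype, records = parse_pcap(data)
    truncated = [i for i, (caplen, origlen) in enumerate(records) if caplen < origlen]
    return {"snaplen": snaplen, "linktype": linktype,
            "packets": len(records), "truncated": truncated}

if __name__ == "__main__":
    print(truncation_report(SAMPLE_PCAP))
```

Run it against a file written with -w (read the bytes and pass them to truncation_report) to see whether the snaplen used at capture time was large enough for the protocol you need to inspect.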


Replies:

  • tcpdump - Option II -- Anandan, 02:04:39 03/12/07 Mon