June 5, 2008 by admin
tcpdump is a great tool for protocol traffic analysis and troubleshooting. I'm sure by now you know you need it; what you need is to know how to use it effectively. This post will be updated over time.
Have a look here: http://dmiessler.com/study/tcpdump_recipes/. You'll find some great tips on tcpdump and other *nix topics.
man tcpdump

tcpdump -AvvvSs 1500 -i eth0 host 10.10.10.1

This enables packet tracing on the local eth0 interface for traffic to and from host 10.10.10.1. I was using this to analyze Set-Cookie headers in HTTP traffic. Read the man page for further information on the options. I used 1500 for the snaplen (-s) because that was all the data I needed. If you want the whole packet, specify 0.

tcpdump -AvvvSs 1500 -i any dst port 7143
Capture IMAP traffic going to a reverse-proxied Zimbra mailbox server. Note the use of

-i any

This is how you capture traffic going across all interfaces.

tcpdump -AvvvSs 1500 -i any dst host 127.0.0.1 and dst port 25

(The filter expression uses tcpdump's own "and"; an unquoted "&&" would be consumed by the shell instead of reaching tcpdump.)
Useful if you are watching packets from a local program that sends mail to the local Sendmail server.

tcpdump -i en1 -nnvvXSs 1514 host 192.168.5.9 and port 389

Dumping packets going across en1 to or from 192.168.5.9 on port 389 (LDAP), with -nn to skip name and port resolution and -X to show both hex and ASCII.
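An added helper for the Set-Cookie analysis mentioned in the first recipe (example code, not part of the original post): it reads saved `tcpdump -A` output, such as the text redirected from `tcpdump -A -s 0 -i eth0 port 80`, and reports cookies the server set without the Secure or HttpOnly attribute. The capture text below is constructed, not a real capture, and the trailing-dot handling for the CR byte is an assumption about how tcpdump -A renders it.

```python
import re

# Constructed sample, shaped like `tcpdump -A` output of one HTTP response packet
# (packet summary line, then the payload with non-printable bytes shown as '.').
SAMPLE_CAPTURE = """\
12:00:01.000000 IP 10.10.10.1.80 > 10.10.10.2.51234: Flags [P.], seq 1:400, ack 1, win 229, length 399
E..!..@.@...
HTTP/1.1 200 OK
Server: Apache
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure.
Set-Cookie: tracker=xyz; Path=/; Max-Age=31536000.
Content-Length: 0

"""

SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*(.+)$", re.IGNORECASE | re.MULTILINE)


def parse_set_cookies(capture_text):
    """Return [(cookie_name, {lower-cased attribute names})] for every
    Set-Cookie header found in tcpdump -A output."""
    cookies = []
    for match in SET_COOKIE_RE.finditer(capture_text):
        # Assumption: tcpdump -A may render the header's trailing CR as '.',
        # so drop it (no cookie attribute name legitimately ends in '.').
        header = match.group(1).rstrip("\r").rstrip(".")
        parts = [p.strip() for p in header.split(";") if p.strip()]
        name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
        cookies.append((name, attrs))
    return cookies


def cookies_missing_flags(capture_text, required=("secure", "httponly")):
    """Map cookie name -> sorted list of required attributes the server omitted."""
    report = {}
    for name, attrs in parse_set_cookies(capture_text):
        missing = sorted(set(required) - attrs)
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    # With the constructed sample this prints: tracker: missing httponly, secure
    for name, missing in cookies_missing_flags(SAMPLE_CAPTURE).items():
        print(f"{name}: missing {', '.join(missing)}")
```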