As I am doing my MSc project with some tools including TCPDump, I decided to post some tips on using TCPDump.
First things first – some commands.
Basic command to capture traffic on a given interface (e.g. eth0):
tcpdump tcp -i eth0 -w capture.log
In this instance, TCP traffic on eth0 (the `tcp` filter expression drops everything else) will be captured and saved to a file called capture.log. Note that -w writes the raw packets in libpcap format, not text, so the file is meant to be read back with tcpdump -r or Wireshark rather than opened in an editor.
If you intend to export this capture to Excel as a CSV file, which is a little tricky, Wireshark to the rescue!
Open the capture file in Wireshark -> File -> Export Packet Dissections -> Export as CSV
Make sure that you also add .csv at the end of the filename, regardless of the format being set to CSV. The file should now open in Excel.
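As an added example (not part of the original post), here is a small Python reader for the libpcap file that `tcpdump -w` produces, turning each Ethernet frame into the same kind of CSV row the Wireshark export gives you (timestamp, the MAC addresses that `-e` shows, EtherType and length). It builds its own two-frame sample capture, so it runs offline; a capture file that was cut short, as happens when tcpdump is killed mid-write, is reported rather than silently misparsed.

```python
import csv
import io
import struct

ETHERTYPES = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6"}
# magic as read with "<I" -> (byte order of the file's own fields, timestamp fraction divisor)
MAGICS = {0xA1B2C3D4: ("<", 1_000_000), 0xA1B23C4D: ("<", 1_000_000_000),
          0xD4C3B2A1: (">", 1_000_000), 0x4D3CB2A1: (">", 1_000_000_000)}

def parse_pcap(data):
    """Return one dict per packet in a libpcap file, the format `tcpdump -w` writes.
    Only Ethernet (linktype 1, DLT_EN10MB) captures are decoded, as produced by `-i eth0`."""
    magic = struct.unpack("<I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a libpcap file")
    endian, frac_div = MAGICS[magic]
    linktype = struct.unpack(endian + "HHiIII", data[4:24])[5]  # global header after the magic
    if linktype != 1:
        raise ValueError("only Ethernet captures are decoded here")
    rows, off = [], 24
    while off + 16 <= len(data):  # each record: 16-byte header then incl_len bytes of frame
        sec, frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len or incl_len < 14:  # file cut short, or no full Ethernet header
            raise ValueError("truncated record at offset %d" % off)
        off += 16 + incl_len
        ethertype = struct.unpack(">H", frame[12:14])[0]  # on-wire fields are big-endian
        rows.append({"time": sec + frac / frac_div,
                     "dst_mac": frame[0:6].hex(":"), "src_mac": frame[6:12].hex(":"),  # what -e shows
                     "proto": ETHERTYPES.get(ethertype, "0x%04x" % ethertype), "len": orig_len})
    return rows

def rows_to_csv(rows):
    """Serialise rows as CSV text, the same shape Wireshark's CSV export gives you."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["time", "dst_mac", "src_mac", "proto", "len"])
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

def build_sample_pcap():
    """Constructed sample: little-endian pcap holding two Ethernet frames (not a real capture)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    frames = [(1700000000, 250000, bytes.fromhex("ffffffffffff 001122334455 0806") + b"\x00" * 28),
              (1700000001, 0, bytes.fromhex("001122334455 66778899aabb 0800") + b"\x00" * 40)]
    out = header
    for sec, usec, frame in frames:
        out += struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame
    return out
```

For a real file, `rows_to_csv(parse_pcap(open("capture.log", "rb").read()))` gives text you can paste straight into Excel.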
All traffic on an interface
tcpdump -i eth0
Specified number of packets
tcpdump -c 20 -i eth0
-c limits the capture to the specified number of packets, after which tcpdump exits
To display MAC addresses (the link-layer header) for each packet in the capture
tcpdump -e -i eth0
For a timed capture on TCPDump
tcpdump -G 15 -W 1 -w myfile_tcp_15secs -i eth0
The '-G 15' defines the time period, in seconds, after which TCPDump rotates the output file (so each file holds 15 seconds of capture)
The '-w' writes the capture to the named file in the current directory
The '-W 1' is the number of iterations (files) the capture will produce before TCPDump exits, so here the capture stops after 15 seconds
Leave your comments