Using TCPDump Filter Expressions
Table 1: Examples of TCPDump Filter Expressions
Example | Result |
---|---|
tcp port 80 | Sniffs packets on TCP port 80. |
port 80 | Sniffs packets on TCP or UDP port 80. |
ip | Sniffs the IP protocol. |
tcp | Sniffs the TCP protocol. |
dst #.#.#.# | Sniffs the destination IP address specified, where #.#.#.# is a valid IP address. |
src #.#.#.# | Sniffs the source IP address specified, where #.#.#.# is a valid IP address. |
port 80 or port 443 | Sniffs on port 80 or port 443. |
src #.#.#.# and dst #.#.#.# | Sniffs the source and destination IP addresses or hosts specified, where each #.#.#.# represents a valid IP address. |
tcp port 80 or port 443 and dst #.#.#.# and src #.#.#.# | This example shows how to specify multiple parameters to create a filter that sniffs on TCP port 80, or on TCP or UDP port 443, and on the destination and source ports, where each #.#.#.# represents a valid IP address. |
For more information about TCPDump Filter Expressions, visit the following Web site:http://www.tcpdump.org/tcpdump_man.html |