mkcas.blogg.se

Wireshark ip address filter wildcard












ICMP has many messages; ECHO is one of them. You may want to capture only the ECHO packets, which reduces the size of the capture and makes the packets easier to analyze in Wireshark from a dump file. The following example shows how to capture the ECHO only. Here 8 is the numeric value for the ECHO message type.

How to capture port-specific messages?

The example command captures network packets on a particular port. The following example captures the packets on port 5060:

# tcpdump port 5060

The above captures only a single specific port. For multiple ports, the command is:

# tcpdump port 5060 or port 5061 or port 5062

If there are many ports (e.g. 100), the above command is difficult to use. The following command captures packets for a port range:

# tcpdump portrange 5060-5062

For an IP address only

The IP can be either the source or the destination IP.
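For the long port lists mentioned above, here is an added example that is not from the original page: a shell function (the name ports_to_filter is hypothetical) that turns a port list into a tcpdump filter expression, merging consecutive ports into portrange terms so the list does not have to be written as a chain of "or port" clauses.

```shell
#!/bin/sh
# Added example (not from the original page). ports_to_filter is a
# hypothetical helper name.
#
# ports_to_filter PORT...
# Prints a tcpdump filter expression for the given ports, merging runs of
# consecutive ports into "portrange" terms.
ports_to_filter() {
    [ "$#" -gt 0 ] || { echo "no ports given" >&2; return 1; }

    # Accept only decimal integers of at most 5 digits in 1..65535.
    for p in "$@"; do
        case $p in
            ''|*[!0-9]*|??????*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2; return 1
        fi
    done

    # Sort numerically, drop duplicates, then merge consecutive values.
    printf '%s\n' "$@" | sort -n -u | awk '
        function emit() {
            term = (start == prev) ? ("port " start) : ("portrange " start "-" prev)
            out = (out == "") ? term : out " or " term
        }
        { p = $1 + 0 }
        NR == 1 { start = prev = p; next }
        p == prev + 1 { prev = p; next }
        { emit(); start = prev = p }
        END { emit(); print out }'
}

# Constructed sample input: three consecutive ports plus one other port.
ports_to_filter 5062 5060 5061 8080
# prints: portrange 5060-5062 or port 8080

# Typical use (needs capture privileges):
#   tcpdump -n "$(ports_to_filter 5060 5061 5062)"
```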


Next, how can we test whether tcpdump ICMP capture is working? ICMP provides a message pair called ECHO request and reply. From the Windows (OS) cmd console, type "ping ip_address". The IP address is the network address of the Linux machine on which the tcpdump command is running. You will see the following output on the terminal.


In the above, we captured on all interfaces of a Linux machine; you can instead specify only the desired interface.












