Knowledge base - Linux networking
tcpdump parameters for sniffing
tcpdump -X -s 0 is sufficient; beyond that, the following options are also possible:
tcpdump -vvv -X -x -s 0
-s     Snarf snaplen bytes of data from each packet rather than the
       default of 68 (with SunOS's NIT, the minimum is actually 96).
       68 bytes is adequate for IP, ICMP, TCP and UDP but may truncate
       protocol information from name server and NFS packets (see
       below). Packets truncated because of a limited snapshot are
       indicated in the output with ``[|proto]'', where proto is
       the name of the protocol level at which the truncation
       Note that taking larger snapshots both increases the amount of
       time it takes to process packets and, effectively, decreases the
       amount of packet buffering. This may cause packets to be lost.
       You should limit snaplen to the smallest number that will capture
       the protocol information you're interested in. Setting
       snaplen to 0 means use the required length to catch whole pack-

-x     Print each packet (minus its link level header) in hex. The
       smaller of the entire packet or snaplen bytes will be printed.
       Note that this is the entire link-layer packet, so for link layers
       that pad (e.g. Ethernet), the padding bytes will also be
       printed when the higher layer packet is shorter than the

-X     When printing hex, print ascii too. Thus if -x is also set, the
       packet is printed in hex/ascii. This is very handy for
       analysing new protocols. Even if -x is not also set, some parts
       of some packets may be printed in hex/ascii.

-vvv   Even more verbose output. For example, telnet SB ... SE options
       are printed in full. With -X telnet options are printed in hex
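
An added example, not part of the original knowledge base entry: a check of a saved classic pcap file for packets that the snapshot length cut short, using the snaplen field of the file header and the captured and on-the-wire lengths of each record. The sample frames, the helper names and the 262144-byte stand-in for "-s 0" are assumptions made for the illustration.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4        # classic pcap, microsecond timestamps
WHOLE_PACKET_LIMIT = 262144    # assumed stand-in for "-s 0" (whole packets)

def build_pcap(snaplen, packets):
    """Constructed sample: store packets the way a capture with this snaplen would."""
    limit = snaplen if snaplen > 0 else WHOLE_PACKET_LIMIT
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, limit, 1)
    for i, pkt in enumerate(packets):
        kept = pkt[:limit]
        # Record header: ts_sec, ts_usec, captured length, original length on the wire
        out += struct.pack("<IIII", i, 0, len(kept), len(pkt)) + kept
    return out

def truncated_records(data):
    """Return (snaplen, [(index, captured_len, wire_len), ...]) for cut-short packets."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:   # same magic written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    snaplen = struct.unpack_from(endian + "I", data, 16)[0]
    offset, index, cut = 24, 0, []
    while offset + 16 <= len(data):
        _, _, caplen, wirelen = struct.unpack_from(endian + "IIII", data, offset)
        offset += 16
        if offset + caplen > len(data):
            raise ValueError("record %d runs past end of file" % index)
        if caplen < wirelen:    # bytes beyond snaplen were never stored
            cut.append((index, caplen, wirelen))
        offset += caplen
        index += 1
    return snaplen, cut

# Constructed frames: only the lengths matter here (60, 342 and 1514 bytes).
SAMPLE = [b"\x00" * 60, b"\x00" * 342, b"\x00" * 1514]

if __name__ == "__main__":
    for s in (68, 0):
        print("-s", s, "->", truncated_records(build_pcap(s, SAMPLE)))
```

A capture in which this check reports cut-short records cannot be used to reconstruct full payloads afterwards, which is the reason for capturing with -s 0 when the packet contents matter.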
Knowledge base was last edited on 12.07.13 by Frank