====== tcpdump more======
Feb 2021
\\
\\
----
\\
\\
Here are some more great uses for tcpdump.
\\
\\
tcpdump -i eth0 -nn -Q in
\\
\\
Shows only the 'input' traffic on the specified interface
\\
\\
Can also use -Q out for just outgoing traffic
\\
----
\\
tcpdump -i eth0-nn igmp
\\
\\
Shows only IGMP traffic on the specified interface
\\
\\
Can be combined with -Q in/out
\\
\\
tcpdump -i eth0 -nn igmp -Q in
\\
----
\\
tcpdump -i eth0 -nn -w capfile.pcap
\\
\\
A simple tcpdump capture. -w is write.
\\
\\
Can be combined with -Q in/out
\\
\\
tcpdump -i eth0 -nn -Q out -w capfile.pcap
\\
\\
This captures only the ouput traffic on the interface eth0
\\
\\
----
\\
tcpdump -i eth0 -nn port 5555
\\
\\
Shows only traffic using port 5555.
\\
\\
Can be combined with -Q in/out
\\
\\
tcpdump -i ens192 -nn -Q in port 5555
\\
\\
Shows only traffic on port 5555 coming in to eth0
\\
\\
----