CCMA #40 & JNCIE-SEC #166's blog about all things Check Point and Juniper
Tuesday, 6 September 2011
TCPDUMP: How to capture a full packet
This request generally comes up when one of the IDS sensors flags some suspicious network activity and the engineer wants to see the entire packet:
Thanks for this post. Could you please explain the (-nnvvXSs 1514) terms?
Hey - sure thing:
nn = don't resolve host names or port names
vv = verbosity level (can be v, vv, or vvv)
X = Payload. Shows packet contents in both ASCII and HEX. If you need the ethernet header use XX instead of just X
S = prints absolute sequence numbers
s = allows you to set snaplen (in this case 1514) so we capture the whole packet.
Thanks for reading!
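The snaplen point in the reply above is the one that bites people later: if tcpdump was run with a snaplen smaller than the frame, the saved capture (tcpdump -w file.pcap) carries only the first N bytes of each packet, and the payload you wanted to inspect is gone. The script below is an added example, not code from this blog or from the tcpdump project. It builds two small classic-format pcap files in memory from constructed sample frames (a 1514-byte Ethernet frame and a 60-byte one), one written with the post's snaplen of 1514 and one with a deliberately small snaplen of 96 bytes, then reports which packets were truncated by comparing each record's captured length against its on-the-wire length, and renders payload bytes in the same hex+ASCII layout that tcpdump -X prints. The frame contents, file names and helper names are all constructed for the example.

```python
"""Check a pcap for packets truncated by a too-small snaplen.

Added example for this post, not code from the blog author or tcpdump.
The pcap layout is the classic libpcap file format that tcpdump -w writes:
a 24-byte global header (which records the snaplen) followed by per-packet
records carrying both the captured length and the original length.
"""
import struct

PCAP_MAGIC = 0xA1B2C3D4      # little-endian classic pcap, microsecond timestamps
LINKTYPE_ETHERNET = 1


def make_pcap(snaplen, packets):
    """Build a classic pcap file in memory from raw Ethernet frames.

    Each record stores incl_len = min(len(frame), snaplen), which is what a
    capture tool does when the snaplen is smaller than the frame: the rest
    of the packet is simply never written to disk.
    """
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    body = b""
    for i, pkt in enumerate(packets):
        incl = min(len(pkt), snaplen)
        # ts_sec, ts_usec, incl_len (bytes saved), orig_len (bytes on the wire)
        body += struct.pack("<IIII", 1_000_000 + i, 0, incl, len(pkt)) + pkt[:incl]
    return hdr + body


def read_pcap(data):
    """Return (file snaplen, [(incl_len, orig_len, captured bytes), ...])."""
    magic, _, _, _, _, snaplen, _ = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian classic pcap file")
    records, off = [], 24
    while off < len(data):
        _, _, incl, orig = struct.unpack_from("<IIII", data, off)
        off += 16
        records.append((incl, orig, data[off:off + incl]))
        off += incl
    return snaplen, records


def truncated_packets(data):
    """Indexes of packets whose captured length is shorter than on the wire."""
    _, records = read_pcap(data)
    return [i for i, (incl, orig, _) in enumerate(records) if incl < orig]


def hexdump(payload, width=16):
    """Render bytes as tcpdump -X style lines: offset, hex bytes, printable ASCII."""
    lines = []
    for off in range(0, len(payload), width):
        chunk = payload[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {hexpart:<{width * 3}} {asc}")
    return lines


# Constructed sample frames (not a real capture): a 14-byte Ethernet header,
# then a 1500-byte payload for the full-size frame and a 46-byte one for the small frame.
ETH_HDR = bytes(12) + b"\x08\x00"
FULL_FRAME = ETH_HDR + b"GET /suspicious HTTP/1.1\r\nHost: example.test\r\n\r\n".ljust(1500, b"A")
SMALL_FRAME = ETH_HDR + b"ping".ljust(46, b"\x00")
SAMPLE_FRAMES = [FULL_FRAME, SMALL_FRAME]

CAPTURE_FULL = make_pcap(1514, SAMPLE_FRAMES)   # snaplen 1514, as in the post
CAPTURE_SHORT = make_pcap(96, SAMPLE_FRAMES)    # small snaplen, as older tcpdump defaults used

if __name__ == "__main__":
    for name, cap in (("snaplen 1514", CAPTURE_FULL), ("snaplen 96", CAPTURE_SHORT)):
        snap, recs = read_pcap(cap)
        print(f"{name}: file snaplen={snap}, truncated packet indexes={truncated_packets(cap)}")
        for incl, orig, _ in recs:
            print(f"  captured {incl} of {orig} bytes")
    # The first 32 payload bytes of the truncated packet, as tcpdump -X would show them.
    payload = read_pcap(CAPTURE_SHORT)[1][0][2][14:]
    for line in hexdump(payload[:32]):
        print(line)
```

The same truncated_packets() check works on a real file: read it with open(path, "rb").read() and pass the bytes in. A non-empty result means the capture was taken with too small a snaplen and needs to be re-run with -s set to the full frame size, because nothing after incl_len bytes was ever saved.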
Hello, good day, could you tell me how I view the capture? I'm not very clear on this and I'm practicing