...
Reading packets from a network interface may require that you have special privileges; see the pcap (3PCAP) man page for details. Reading a saved packet file doesn’t require special privileges.
Options
-A
Print each packet (minus its link level header) in ASCII. Handy for capturing web pages.
-B
Set the operating system capture buffer size to buffer_size.
-c
Exit after receiving count packets.
-d
Dump the compiled packet-matching code in a human readable form to standard output and stop.
-dd
Dump packet-matching code as a C program fragment.
-ddd
Dump packet-matching code as decimal numbers (preceded with a count).
-D
Print the list of the network interfaces available on the system and on which tcpdump can capture packets. For each network interface, a number and an interface name, possibly followed by a text description of the interface, is printed. The interface name or the number can be supplied to the -i flag to specify an interface on which to capture. This can be useful on systems that don’t have a command to list them (e.g., Windows systems, or UNIX systems lacking ifconfig -a); the number can be useful on Windows 2000 and later systems, where the interface name is a somewhat complex string.
The -D flag will not be supported if tcpdump was built with an older version of libpcap that lacks the pcap_findalldevs() function.
-e
Print the link-level header on each dump line.
-E
Use spi@ipaddr algo:secret for decrypting IPsec ESP packets that are addressed to addr and contain Security Parameter Index value spi.
This combination may be repeated with comma or newline separation.
...
UDP Name Server Responses
Name server responses are formatted as
src > dst: id op rcode flags a/n/au type class data (len)
helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)
helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)
In the first example, helios responds to query id 3 from h2opolo with 3 answer records, 3 name server records and 7 additional records. The first answer record is type A (address) and its data is internet address 128.32.137.3. The total size of the response was 273 bytes, excluding UDP and IP headers. The op (Query) and response code (NoError) were omitted, as was the class (C_IN) of the A record.
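The following is an added example, not part of tcpdump or of the original page: a Python parser for the response line format shown above, which restores the omitted op and response code defaults and tallies NXDomain responses per receiving host for triage of saved output. The names parse_response, nxdomain_by_client and SAMPLE are hypothetical, and the RCODES set beyond NXDomain is an assumption about the names tcpdump prints.

```python
import re
from collections import Counter

# src > dst: id[flags] ...body... (len)
HEAD = re.compile(r'^(\S+) > (\S+): (\d+)([*|-]*)\s+(.*?)\s*\((\d+)\)$')
COUNTS = re.compile(r'^(\d+)/(\d+)/(\d+)$')   # the a/n/au field
# Assumption: rcode names as tcpdump prints them; only NXDomain is on this page.
RCODES = {"FormErr", "ServFail", "NXDomain", "NotImp", "Refused"}

# First two lines are the page's examples; the third is a constructed non-response line.
SAMPLE = [
    "helios.domain > h2opolo.1538: 3 3/3/7 A 128.32.137.3 (273)",
    "helios.domain > h2opolo.1537: 2 NXDomain* 0/1/0 (97)",
    "h2opolo.1538 > helios.domain: 3+ A? ucbvax.berkeley.edu. (37)",
]

def parse_response(line):
    """Parse one name server response line; return a dict, or None if it does not fit."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    src, dst, qid, flags, body, length = m.groups()
    # op and rcode are omitted from the line when they are Query and NoError.
    rec = {"src": src, "dst": dst, "id": int(qid), "op": "Query",
           "rcode": "NoError", "flags": flags, "len": int(length)}
    tokens = body.split()
    for i, tok in enumerate(tokens):
        c = COUNTS.match(tok)
        if c:
            rec["answers"], rec["nameservers"], rec["additional"] = map(int, c.groups())
            rec["data"] = tokens[i + 1:]      # type, class, data as printed
            return rec
        word = tok.rstrip("*|-")              # flag characters may trail the word
        rec["flags"] += tok[len(word):]       # flags are kept raw, not interpreted
        if word in RCODES:
            rec["rcode"] = word
        elif word:
            rec["op"] = word
    return None                               # no a/n/au field: not a response

def nxdomain_by_client(lines):
    """Count NXDomain responses per receiving host (dst with the port stripped)."""
    hits = Counter()
    for rec in filter(None, map(parse_response, lines)):
        if rec["rcode"] == "NXDomain":
            hits[rec["dst"].rsplit(".", 1)[0]] += 1
    return hits

if __name__ == "__main__":
    for line in SAMPLE:
        print(parse_response(line))
    print(nxdomain_by_client(SAMPLE))
```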
...