Tcpdump: Difference between revisions
From Federal Burro of Information
Jump to navigationJump to search
(Created page with "== Dump Syslog packets (tcp) == <pre> tcpdump -XSs 0 host 192.168.1.20 and tcp dst port 514 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening ...") |
No edit summary |
||
| Line 1: | Line 1: | ||
also Wireshark | |||
== Dump Syslog packets (tcp) == | == Dump Syslog packets (tcp) == | ||
| Line 12: | Line 14: | ||
0x0040: 5772 7420 726f 6f74 3a20 7465 7374 0a Wrt.root:.test. | 0x0040: 5772 7420 726f 6f74 3a20 7465 7374 0a Wrt.root:.test. | ||
</pre> | </pre> | ||
ip.dst == 98.158.95.104 and tcp.dstport == 993 | |||
Revision as of 17:55, 24 August 2011
also Wireshark
Dump Syslog packets (tcp)
tcpdump -XSs 0 host 192.168.1.20 and tcp dst port 514
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
22:02:40.666403 IP mummu.52726 > cydonia.shell: P 2549598918:2549598957(39) ack 2091700838 win 2920
0x0000: 4500 004f 8c6c 4000 4006 2a98 c0a8 0114 E..O.l@.@.*.....
0x0010: c0a8 0140 cdf6 0202 97f7 cac6 7cac d266 ...@........|..f
0x0020: 5018 0b68 bf60 0000 3c31 333e 4e6f 7620 P..h.`..<13>Nov.
0x0030: 3231 2030 303a 3032 3a31 3020 4f70 656e 21.00:02:10.Open
0x0040: 5772 7420 726f 6f74 3a20 7465 7374 0a Wrt.root:.test.
ip.dst == 98.158.95.104 and tcp.dstport == 993
