5.4.2.4.2 Protocol and port filtering.
It is possible to restrict capture to specific protocols such as IP, AppleTalk, or TCP. You can also restrict capture to services built on top of these protocols, such as DNS or RIP. This type of capture can be done in three ways: by using a few specific keywords known by tcpdump, by protocol using the proto keyword, or by service using the port keyword.

Several of these protocol names are recognized by tcpdump and can be identified by keyword. The following command restricts the traffic captured to IP traffic:

    bsd1# tcpdump ip

Of course, IP traffic will include TCP traffic, UDP traffic, and so on. To capture just TCP traffic, you would use:

    bsd1# tcpdump tcp

Recognized keywords include ip, igmp, tcp, udp, and icmp.

There are many transport-level services that do not have recognized keywords. In this case, you can use the keywords proto or ip proto followed by either the name of the protocol found in the /etc/protocols file or the corresponding protocol number. For example, either of the following will look for OSPF packets:

    bsd1# tcpdump ip proto ospf
    bsd1# tcpdump ip proto 89

Of course, the first works only if there is an entry in /etc/protocols for OSPF.

Built-in keywords may cause problems. In these examples, the keyword tcp must either be escaped or the number must be used. For example, the following is fine:

    bsd1# tcpdump ip proto 6

On the other hand, you can't use tcp with proto:

    bsd1# tcpdump ip proto tcp

will generate an error.

For higher-level services, services built on top of the underlying protocols, you must use the keyword port. Either of the following will collect DNS traffic:

    bsd1# tcpdump port domain
    bsd1# tcpdump port 53

In the former case, the keyword domain is resolved by looking in /etc/services.

When there may be ambiguity between transport-layer protocols, you may further restrict ports to a particular protocol. Consider the command:

    bsd1# tcpdump udp port domain

This will capture DNS name lookups using UDP but not DNS zone transfers using TCP. The two previous commands would capture both.
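The following helper, added here as an example and not part of the book, builds tcpdump filter expressions following the rules above: names after proto are resolved through /etc/protocols (as tcpdump does), the reserved keywords ip, igmp, tcp, udp and icmp are turned into their numbers or an escaped form so that "ip proto tcp" is never emitted, and port filters can be qualified by transport. The small fallback tables are constructed for machines that lack /etc/protocols or /etc/services; the function names are assumptions of this example.

```python
import socket

# tcpdump primitives that collide with protocol names: after "proto" they
# must be escaped (\tcp) or given as a number, or the parser reports an error.
RESERVED = {"ip", "igmp", "tcp", "udp", "icmp"}

# Constructed fallback tables (IANA numbers), used only when the local
# /etc/protocols or /etc/services has no entry for the name.
FALLBACK_PROTO = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17, "ospf": 89}
FALLBACK_PORT = {"domain": 53, "rip": 520}


def proto_number(name):
    """Resolve a protocol name via /etc/protocols, like tcpdump does."""
    try:
        return socket.getprotobyname(name)
    except OSError:
        if name in FALLBACK_PROTO:
            return FALLBACK_PROTO[name]
        raise ValueError(f"no /etc/protocols entry for {name!r}")


def proto_filter(name, numeric=True):
    """Return an 'ip proto ...' expression that tcpdump will accept."""
    name = name.lower()
    if name.isdigit():                      # e.g. "89" -> "ip proto 89"
        return f"ip proto {name}"
    if name in RESERVED:
        # "ip proto tcp" is an error: use the number, or the escaped keyword.
        if numeric:
            return f"ip proto {proto_number(name)}"
        return f"ip proto \\{name}"         # quote this when typing it in a shell
    return f"ip proto {proto_number(name)}" # e.g. "ospf" -> "ip proto 89"


def port_filter(service, transport=None):
    """Return 'port N' or 'tcp|udp port N', resolving names via /etc/services."""
    if service.isdigit():
        port = int(service)
    else:
        try:
            port = socket.getservbyname(service)
        except OSError:
            port = FALLBACK_PORT.get(service)
        if port is None:
            raise ValueError(f"no /etc/services entry for {service!r}")
    if transport not in (None, "tcp", "udp"):
        raise ValueError("transport qualifier must be tcp or udp")
    return f"{transport} port {port}" if transport else f"port {port}"
```

Pass the returned string to tcpdump as a single quoted argument, since the backslash in the escaped form would otherwise be eaten by the shell.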