Technical data
tcpdump
-v
Displays verbose output. For example, the time to live and type of service
information in an IP packet is displayed. If -m is also specified, ONC RPC
packets sent using TCP are decoded twice: first as RPC, then as TCP. By default,
the TCP decoding is suppressed.
-vv
Displays detailed verbose output. For example, additional fields are displayed
from NFS reply packets.
-w file
Writes the raw packets to file rather than parsing and displaying them. They can
later be displayed with the -r option. Standard output is used if a hyphen (-) is
used to specify the file.
-x
Displays each packet (minus its link level header) in hexadecimal format.
The smaller of the entire packet or snaplen bytes is displayed.
"-X"
Displays packets in both hexadecimal and ASCII formats. Use quotation marks
to preserve the case of uppercase options.
Examples
1.
$ tcpdump host sundown
This example shows how to use the tcpdump utility to display all packets
arriving at or departing from host sundown.
2.
$ tcpdump host sundown and ( hot or ace )
This example shows how to use the tcpdump utility to display traffic between
sundown and either host hot or host ace.
3.
$ tcpdump ip host ace and not helios
This example shows how to use the tcpdump utility to display all IP packets
between ace and any host except helios.
4.
$ tcpdump net office
This example shows how to use the tcpdump utility to display all traffic
between local hosts and hosts on the network office.
5.
$ tcpdump gateway snup and (port 21 or 20)
This example shows how to use the tcpdump utility to display all FTP traffic
through Internet gateway snup.
6.
$ tcpdump ip and not net localnet
This example shows how to use the tcpdump utility to display traffic neither
sourced from nor destined for local hosts. If your network is connected to one
other network by a gateway, this command does not produce any results on
your local network.
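How the primitives in examples 1 to 3 combine, shown as an added sketch that is not part of the original manual or of tcpdump's own code: a small evaluator for host/ip expressions run over constructed packets. It follows the tcpdump filter rules that a bare name inherits the preceding keyword, negation binds tightest, and "and"/"or" have equal precedence and associate left to right; the names compile_filter, matches and PACKETS are assumptions of this example.

```python
import re

# Constructed sample packets (src, dst, carries IP?); not captured traffic.
PACKETS = [dict(src=s, dst=d, ip=i) for s, d, i in [
    ("sundown", "hot", True), ("ace", "sundown", True), ("sundown", "helios", True),
    ("ace", "helios", True), ("ace", "hot", False)]]

def compile_filter(text):  # filter expression -> predicate over packet dicts
    toks, pos = re.findall(r"[()]|[^\s()]+", text), 0
    peek = lambda: toks[pos] if pos < len(toks) else None
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def primitive():
        want_ip = peek() == "ip" and take() == "ip"  # optional protocol qualifier
        if peek() == "host":
            take()
        if peek() in (None, "and", "or", "not", "(", ")", "host", "ip"):
            raise ValueError("expected a host name")
        name = take()  # a bare name inherits the preceding "host" keyword
        return lambda p: (p["ip"] or not want_ip) and name in (p["src"], p["dst"])
    def factor():
        if peek() == "not":  # negation binds tightest
            take()
            inner = factor()
            return lambda p: not inner(p)
        if peek() == "(":
            take()
            inner = expr()
            if peek() != ")":
                raise ValueError("missing )")
            take()
            return inner
        return primitive()
    def expr():  # "and" and "or" have equal precedence, evaluated left to right
        left = factor()
        while peek() in ("and", "or"):
            op, right = take(), factor()
            join = all if op == "and" else any
            left = (lambda a, b, j: lambda p: j((a(p), b(p))))(left, right, join)
        return left
    pred = expr()
    if pos != len(toks):
        raise ValueError("unexpected token: " + toks[pos])
    return pred

def matches(text):
    pred = compile_filter(text)
    return [i for i, p in enumerate(PACKETS) if pred(p)]
```

Without the parentheses, the filter in example 2 groups as (sundown and hot) or ace, so matches("host sundown and hot or ace") also selects every packet that involves ace.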
A–44 Troubleshooting Utilities Reference