Technical data

tcpdump
7.
$ tcpdump tcp[13] & 3 != 0 and not src and dst net localnet
This example shows how to use the tcpdump utility to display the start and end packets (the SYN and FIN packets) of each TCP conversation that involves a nonlocal host.
8.
$ tcpdump gateway snup and ip[2:2] > 576
This example shows how to use the tcpdump utility to display IP packets longer than 576 bytes sent through gateway snup.
9.
$ tcpdump ether[0] & 1 = 0 and ip[16] >= 224
This example shows how to use the tcpdump utility to display IP broadcast or multicast packets that were not sent using Ethernet broadcast or multicast.
10.
$ tcpdump icmp[0] != 8 and icmp[0] != 0
This example shows how to use the tcpdump utility to display all ICMP packets that are not echo requests or replies (that is, not PING packets).
11.
$ tcpdump -s 1500 -envv ipv6 and udp port 521
This example shows how to use the tcpdump utility to display all RIPv6 packets.
12.
$ tcpdump -s 1500 -envv ipv6 and ether host a:b:c:d:e:f
This example shows how to use the tcpdump utility to display all IPv6 packets arriving at or departing from a host with the Ethernet address a:b:c:d:e:f.
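The byte-offset tests in examples 7 through 10, evaluated over raw Ethernet II frames to show which header fields they read. This is an added example, not part of the original manual; every function name and sample frame below is constructed for illustration. It makes explicit that tcp[...] and icmp[...] are indexed from the start of the transport header, after any IP options, and match nothing in a non-first fragment.

```python
import struct
ETH_LEN = 14  # Ethernet II header: dst(6) src(6) ethertype(2)

def ip_view(frame):
    """Return the IPv4 packet inside an Ethernet II frame, or None."""
    if len(frame) < ETH_LEN + 20 or frame[12:14] != b"\x08\x00":
        return None
    return frame[ETH_LEN:]

def l4_view(frame, proto):
    """Return the transport header for proto, the base that tcp[...]/icmp[...] index."""
    ip = ip_view(frame)
    if ip is None or ip[9] != proto:
        return None
    if struct.unpack("!H", ip[6:8])[0] & 0x1FFF:  # non-first fragment: no L4 header
        return None
    return ip[(ip[0] & 0x0F) * 4:]                # skip IHL * 4 bytes, options included

def syn_or_fin(frame):                 # example 7: tcp[13] & 3 != 0
    tcp = l4_view(frame, 6)
    return tcp is not None and len(tcp) > 13 and (tcp[13] & 3) != 0

def longer_than_576(frame):            # example 8: ip[2:2] > 576
    ip = ip_view(frame)
    return ip is not None and struct.unpack("!H", ip[2:4])[0] > 576

def ip_mcast_in_unicast_frame(frame):  # example 9: ether[0] & 1 = 0 and ip[16] >= 224
    ip = ip_view(frame)
    return ip is not None and (frame[0] & 1) == 0 and ip[16] >= 224

def icmp_not_ping(frame):              # example 10: icmp[0] != 8 and icmp[0] != 0
    icmp = l4_view(frame, 1)
    return icmp is not None and len(icmp) > 0 and icmp[0] not in (8, 0)

def make_frame(dst_mac, proto, dst_ip, l4, total_len=None, options=b"", frag=0):
    """Build a constructed Ethernet+IPv4 frame (checksums left zero)."""
    ihl = 5 + len(options) // 4
    total = total_len if total_len is not None else ihl * 4 + len(l4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0, total, 0, frag, 64, proto, 0,
                     bytes([192, 0, 2, 1]), bytes(dst_ip)) + options
    return bytes(dst_mac) + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip + l4

def tcp_hdr(flags):
    return struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 5 << 4, flags, 8192, 0, 0)

UNICAST_MAC = [0x02, 0, 0, 0, 0, 0x02]
# Constructed samples: a SYN behind 4 bytes of IP options, and a bare ACK.
SYN_WITH_OPTS = make_frame(UNICAST_MAC, 6, [198, 51, 100, 7], tcp_hdr(0x02), options=b"\x01" * 4)
ACK_ONLY = make_frame(UNICAST_MAC, 6, [198, 51, 100, 7], tcp_hdr(0x10))
```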
Troubleshooting Utilities Reference A–45