TCPdump

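# tcpdump / iptables reference snippets.
# Not a script to run top to bottom: each tcpdump line captures in the
# foreground until interrupted, and the iptables lines change the live ruleset
# (they are not persistent across a reboot). Capturing needs root or the
# CAP_NET_RAW / CAP_NET_ADMIN capabilities.

# --- Filter options ---------------------------------------------------------
tcpdump -i eth0 port not 22 and not host 172.16.190.1
# Interface was written "seth0" in the original notes -- presumed typo for eth0; confirm.
tcpdump -i eth0 host 149.249.32.105
tcpdump -vvv -nn -X -i eth4 port not 22
tcpdump -nn -i eth1 port not 22 and not port 443 and not host 172.17.190.1 and not host 10.123.64.1 and not arp
# Show packet contents on port 80: -X hex+ASCII, -S absolute TCP sequence numbers,
# -s 1514 snaplen (full Ethernet frame).
tcpdump -nnvvXSs 1514 -i eth0.666 port not 22 and not port 443 and not host 172.17.190.1 and not host 10.123.64.1 and not arp and port 80
# Dump DHCP packets (-e link-level headers, -x hex, -l line-buffered output).
tcpdump -lenx -i eth0 -s 1500 port bootps or port bootpc
# Capture full packets (-s 0) and write them to a binary pcap file.
# The file holds complete payloads, including any cleartext credentials that
# crossed the wire: keep it root-readable only and delete it after analysis.
tcpdump -s 0 -v -w CAPTURE_DATA.pcap
# Read the capture back in readable form with full timestamps: connection info.
tcpdump -ttttnnr CAPTURE_DATA.pcap
# Read the capture back and print the packet payloads as ASCII (-A).
tcpdump -qns 0 -A -r CAPTURE_DATA.pcap
# List the interfaces tcpdump can capture on (the original note said "dump types").
tcpdump -D
# Print the version. The original note used "-w", which writes a capture file
# and fails without a filename; "--version" is the version query.
tcpdump --version

# --- VPN (IPsec) traffic dump -----------------------------------------------
# Copy IKE (UDP 500/4500), ESP and AH packets plus the decrypted inner packets
# to netfilter log group 5, then capture that group with tcpdump. -I inserts at
# the top of each chain so the packets are logged before any DROP rule; NFLOG
# is non-terminating, so rule processing continues. Remove the rules again when
# the capture is finished.
iptables -t filter -I INPUT -p esp -j NFLOG --nflog-group 5
iptables -t filter -I INPUT -p ah -j NFLOG --nflog-group 5
iptables -t filter -I INPUT -p udp -m multiport --dports 500,4500 -j NFLOG --nflog-group 5
iptables -t filter -I OUTPUT -p esp -j NFLOG --nflog-group 5
iptables -t filter -I OUTPUT -p ah -j NFLOG --nflog-group 5
iptables -t filter -I OUTPUT -p udp -m multiport --dports 500,4500 -j NFLOG --nflog-group 5
iptables -t mangle -I PREROUTING -m policy --pol ipsec --dir in -j NFLOG --nflog-group 5
iptables -t mangle -I POSTROUTING -m policy --pol ipsec --dir out -j NFLOG --nflog-group 5
iptables -t filter -I INPUT -m addrtype --dst-type LOCAL -m policy --pol ipsec --dir in -j NFLOG --nflog-group 5
# NOTE(review): INPUT only sees packets addressed to the local host, so a
# "! --dst-type LOCAL" rule in INPUT is probably never matched; forwarded IPsec
# traffic traverses FORWARD instead -- confirm before relying on this rule.
iptables -t filter -I INPUT -m addrtype ! --dst-type LOCAL -m policy --pol ipsec --dir in -j NFLOG --nflog-group 5
iptables -t filter -I OUTPUT -m policy --pol ipsec --dir out -j NFLOG --nflog-group 5
# Live view of everything logged to group 5.
tcpdump -s 0 -n -i nflog:5
# Same, written to a file (same handling caveat as CAPTURE_DATA.pcap above).
tcpdump -s 0 -n -i nflog:5 -w pacekt.pcap

# --- Filter by user (UID) ---------------------------------------------------
# Mark connections opened by UID 1000 (the owner match only applies to
# locally generated packets, hence OUTPUT), then log every packet of a marked
# connection in both directions to log group 30.
iptables -A OUTPUT -m owner --uid-owner 1000 -j CONNMARK --set-mark 1
iptables -A INPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
iptables -A OUTPUT -m connmark --mark 1 -j NFLOG --nflog-group 30
# Fix: the original captured nflog:5 here, which is the IPsec group above; the
# UID rules log to group 30, so nflog:5 would miss the per-user traffic.
tcpdump -s 0 -n -i nflog:30 -w uid-1000.pcap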

#SSL traffic Dump###########

#W-LAN traffic Dump###########
