LinuxQuestions.org
Help answer threads with 0 replies.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
Reload this Page Tcpdump capture
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 01-13-2017, 03:34 PM   #1
krishnar
Member
 
Registered: May 2016
Posts: 32

Rep: Reputation: Disabled
Tcpdump capture

Hi All,

I was trying to capture Syn-Ack packets using this tcpdump filter, but its not working. Its showing syn packets only.

I am wondering if this is a wrong filter for syn-ack packets

[root@server ~]# tcpdump 'tcp[13] == 18' -c 25

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
13:31:17.188227 IP source-server.com.5666 > destination-server.com.48904: S 2422690267:2422690267(0) ack 840023909 win 5792 <mss 1460,sackOK,timestamp 692368222 37103231,nop,wscale 7>
13:31:24.230014 IP source-server.com.5666 > destination-server.com.48964: S 2758407005:2758407005(0) ack 2155881030 win 5792 <mss 1460,sackOK,timestamp 692375264 37110272,nop,wscale 7>



Krishna
 
Old 01-13-2017, 05:22 PM   #2
teckk
LQ Guru
 
Registered: Oct 2004
Distribution: Arch
Posts: 5,138
Blog Entries: 6

Rep: Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827Reputation: 1827
URG
tcpdump 'tcp[13] & 32!=0'
ACK
tcpdump 'tcp[13] & 16!=0'
PSH
tcpdump 'tcp[13] & 8!=0'
RST
tcpdump 'tcp[13] & 4!=0'
SYN
tcpdump 'tcp[13] & 2!=0'
FIN
tcpdump 'tcp[13] & 1!=0'
SYNACK
tcpdump 'tcp[13]=18'
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Tcpdump and capture incoming IP addresses. hack3rcon Linux - Security 6 02-17-2015 02:30 AM
Help with tcpdump to capture traffic. abefroman Linux - Networking 4 04-04-2008 03:08 AM
tcpdump does not capture all packets logicalfuzz Linux - Networking 1 03-19-2007 12:47 PM
not capture payload with tcpdump? hedpe Linux - Networking 6 02-07-2006 02:23 PM
retransmiting tcpdump capture file? JWT2 Linux - Networking 9 10-09-2005 08:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 04:56 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration