tcpdump

• Introduction

  • wiki:

  tcpdump 是一个执行在命令列下的嗅探工具。它允许用户拦截和显示传送或收到过网路连接到该电脑的TCP/IP和其他封包。tcpdump 是一个在BSD授权条款下释出的自由软件。

  • tcpdump vs Wireshark
    • tcpdump : CLI tool
    • Wireshark : gui tool
    • More: What is the difference between Tcpdump and Wireshark?

• Common Use

  • How to install tcpdump?
    • Ans: default installed in Linux
  • Man page of TCPDUMP

  tcpdump -h # simply lookup tcpdump

  

  man tcpdump # detail of tcpdump

  

  

• Why split pcap:
  • for advaced analysis
    • Ex : DoS_HTTP
      
• split pcap

tcpdump -r old_file -w new_files -C 10 # 每个档案切成 大约 10MB

• Others: Linux ls -lh :: 233M

h 是指用可读性较好的单位来换算

• Resource:
  • HOW TO: Split huge Wireshark/TCPDump pcap files into smaller files
  • how to split a pcap file into a set of smaller ones