Wireshark
Filter where the source ip is not 192.168.1.1
ip.src != 192.168.1.1
Filter where the destination ip is not 192.168.1.1
ip.dst != 192.168.1.1
Find packets with a string in them
frame contains <thing to search>
For example:
frame contains google
TCPDump
Filter on port 80
tcpdump port 80
Filter on source port 80
tcpdump src port 80
Destination port 80
tcpdump dest port 80
All traffic for 192.168.1.1
tcpdump host 192.168.1.1
Save output
tcpdump tcp -w output.pcap
Resource:
https://medium.com/swlh/introduction-to-tcpdump-635653f56177
Filter on service
In this case, we are filtering icmp traffic on the eth0 interface where the ICMP type field value is icmp-echo
. We finish it with a full protocol decode (-vv
) aka verbose output.
tcpdump -i eth0 icmp and icmp[icmptype]=icmp-echo -vv
Resources:
http://alumni.cs.ucr.edu/~marios/ethereal-tcpdump.pdf
http://www.networksorcery.com/enp/protocol/icmp/msg8.htm
Listen for traffic over port 389
tcpdump -i eth0 -nn port 389