Revisions

  1. Marco Morais created this gist Feb 27, 2015.
    40 changes: 40 additions & 0 deletions gistfile1.txt
    @@ -0,0 +1,40 @@
    # find the IP addresses of many hosts on the network
    # step 1. obtain the broadcast address from ifconfig
    # step 2. ping the broadcast address
    $ ifconfig -a | grep broadcast
    inet 192.168.1.102 netmask 0xffffff00 broadcast 192.168.1.255
    inet 192.168.68.1 netmask 0xffffff00 broadcast 192.168.68.255
    inet 192.168.174.1 netmask 0xffffff00 broadcast 192.168.174.255
    $ ping 192.168.1.255
    PING 192.168.1.255 (192.168.1.255): 56 data bytes
    64 bytes from 192.168.1.1: icmp_seq=0 ttl=64 time=0.634 ms
    64 bytes from 192.168.1.100: icmp_seq=0 ttl=64 time=102.151 ms (DUP!)

    # capture the first and last packet of a connection
    sudo tcpdump -nnvvXSs 0 'tcp and dst host www.yahoo.com and dst port 80 and tcp[tcpflags] & (tcp-syn|tcp-fin) != 0'

    # http://naleid.com/blog/2008/04/03/monitoring-http-traffic-to-debug-your-grails-application/

    # capture all incoming http traffic on port 80 without displaying packet headers
    sudo tcpdump -s 0 -A 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

    # capture all outgoing http traffic on port 80 without displaying packet headers
    sudo tcpdump -s 0 -A 'tcp and dst host www.yahoo.com and dst port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

    # capture all outgoing udp packets
    sudo tcpdump -s 0 -A 'udp and dst fed1018.yss.ne1.yahoo.com and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)'

    # capture outgoing udp packets to a particular host
    sudo tcpdump -s 0 -A 'udp and dst 10.7.202.190'

    # capture incoming udp packets to this host
    sudo tcpdump -s 0 -A 'udp and port 8125'

    # capture outgoing icmp packets
    tcpdump -nnvXSs 0 -c2 icmp

    # use tcpdump on the network interface of the hypervisor to print packet headers tagged with vlan
    sudo tcpdump -nei eth1 vlan

    # use tcpdump on the virtual interface on the hypervisor created for vm to print packet headers forwarded to this interface
    sudo tcpdump -nei vnet0
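
Review bot: The "capture all outgoing udp packets" command reuses the TCP payload-length test (`tcp[12]&0xf0`) inside a `udp` filter, and a `tcp[...]` accessor only matches TCP segments, so the combined expression can never match a UDP datagram. Drop that clause or test the UDP length field instead, for example `udp[4:2] > 8`; the comment should also say that the capture is limited to a single destination host rather than "all" outgoing UDP. Separately, the commands commented as "incoming" (`tcp port 80`, `udp and port 8125`) and "outgoing icmp" carry no `src` or `dst` qualifier, so they capture both directions; either add the qualifier or reword the comments.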