Example: capture anything sent to/from port 7500 on interface eth0 and dump it to a file:
$ sudo /usr/sbin/tcpdump -w /tmp/tcpdump.out -s 0 -i eth0 port 7500
We can now use Wireshark to read the file and analyse the packets.
To filter the packets by, for example, a port, use a display filter expression such as tcp.port == 1234
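What the capture file holds and what tcp.port == 7500 selects from it, as an added example that is not part of the original post: a minimal reader for the classic pcap format that tcpdump -w writes, run over a constructed three-packet capture. The function names, addresses and sample packets are assumptions, and only microsecond-timestamp pcap carrying Ethernet/IPv4 is handled.

```python
import socket
import struct

def tcp_port_matches(pcap: bytes, port: int):
    """Return (src, sport, dst, dport) for IPv4/TCP packets using `port`."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic not in (0xA1B2C3D4, 0xD4C3B2A1):
        raise ValueError("not a classic pcap file")
    e = "<" if magic == 0xA1B2C3D4 else ">"      # byte order of the writer
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    hits, off = [], 24                           # records follow the 24-byte header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from(e + "I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[14] >> 4 != 4:
            continue                             # not IPv4
        if frame[23] != 6 or struct.unpack_from("!H", frame, 20)[0] & 0x1FFF:
            continue                             # not TCP, or a later fragment
        tcp = 14 + (frame[14] & 0x0F) * 4        # IHL gives the IP header length
        if len(frame) < tcp + 4:
            continue                             # truncated before the ports
        sport, dport = struct.unpack_from("!HH", frame, tcp)
        if port in (sport, dport):               # same meaning as tcp.port == port
            hits.append((socket.inet_ntoa(frame[26:30]), sport,
                         socket.inet_ntoa(frame[30:34]), dport))
    return hits

def build_sample() -> bytes:
    """Constructed capture: two TCP packets and one UDP packet on port 7500."""
    def pkt(proto, src, dst, sport, dport):
        l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        frame = bytes(12) + b"\x08\x00" + ip + l4
        return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    return (header + pkt(6, "10.0.0.5", "10.0.0.9", 51000, 7500)
                   + pkt(6, "10.0.0.9", "10.0.0.5", 7500, 51000)
                   + pkt(17, "10.0.0.5", "10.0.0.9", 51001, 7500))

if __name__ == "__main__":
    for hit in tcp_port_matches(build_sample(), 7500):
        print(hit)
```

The UDP packet is in the file because the capture filter port 7500 matches both TCP and UDP, while the TCP-only display filter leaves it out.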