dump packets with tcpdump

How many times did you forget the parameters? I have, countless times.
Let's see if by sharing here I will remember some of my favorite commands.

# tcpdump -nnXSs 0 'port 5060'

Command switches (what they are for)

  • "-nn" plays nice by not looking up hostnames in DNS and not translating port numbers into service names.
  • "-X" makes it print each packet in hex and ASCII.
  • "-S" prints absolute rather than relative TCP sequence numbers.
  • "-s 0" sets the snapshot length: by default tcpdump will only capture the beginning of each packet; using 0 I get it all.
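
The "-X" output is easy to turn back into bytes when you want the payload rather than the hex. The script below is an added example, not part of the original post: it parses a constructed sample of the command's output, strips the IPv4 and UDP headers, and flags packets that were cut short by a small snapshot length. The function names and the sample packet (documentation addresses, SIP over UDP) are assumptions made for the illustration.

```python
import re
import struct

# Constructed sample of `tcpdump -nnXSs 0 'port 5060'` output (not a real capture).
SAMPLE = """\
12:00:00.000000 IP 192.0.2.10.5060 > 192.0.2.20.5060: SIP, length: 40
\t0x0000:  4500 0044 0001 0000 4011 f689 c000 020a  E..D....@.......
\t0x0010:  c000 0214 13c4 13c4 0030 0000 4f50 5449  .........0..OPTI
\t0x0020:  4f4e 5320 7369 703a 626f 6240 6578 616d  ONS.sip:bob@exam
\t0x0030:  706c 652e 7465 7374 2053 4950 2f32 2e30  ple.test.SIP/2.0
\t0x0040:  0d0a 0d0a                                ....
"""

# Offset, then hex groups separated by single spaces (the last group may be a
# single byte); the ASCII column follows after two or more spaces and is ignored.
HEX_LINE = re.compile(
    r"^\s*0x([0-9a-f]{4}):\s+((?:[0-9a-f]{2}){1,2}(?: (?:[0-9a-f]{2}){1,2})*)")

def parse_x_dump(text):
    """Return the raw bytes of each packet in -X output (starts at the IP header)."""
    packets = []
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if not m:
            continue  # timestamp/summary line
        if int(m.group(1), 16) == 0:
            packets.append(bytearray())  # offset 0x0000 starts a new packet
        if packets:
            packets[-1] += bytes.fromhex(m.group(2).replace(" ", ""))
    return [bytes(p) for p in packets]

def udp_payload(packet):
    """Strip the IPv4 and UDP headers; return (src_port, dst_port, payload)."""
    if packet[0] >> 4 != 4 or packet[9] != 17:
        raise ValueError("not an IPv4/UDP packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    sport, dport, udp_len = struct.unpack("!HHH", packet[ihl:ihl + 6])
    if len(packet) < total_len:
        raise ValueError("packet truncated: capture used a short snaplen")
    return sport, dport, packet[ihl + 8:ihl + udp_len]

if __name__ == "__main__":
    for pkt in parse_x_dump(SAMPLE):
        sport, dport, payload = udp_payload(pkt)
        print(sport, dport, payload.split(b"\r\n", 1)[0].decode("ascii"))
```

Header checksums are not verified here; the sample's UDP checksum is zero.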