TCPDUMP Command Line Options -A -c <count> -D -e -F <file> -G <n> -i <iface> -K -L -n -p Print frame payload in ASCII Exit after capturing

count packets List available interfaces Print link-level headers Use file as the filter expression Rotate the dump file every n seconds Specifies the capture interface Don't verify TCP chec ksums List data link types for the interface Don't convert addresses to names Do n't capture in promiscuous mode -q -r <file> -s <len> -S -t -v[v[v]] -w <file> x -X -y <type> -Z <user> Quick output Read packets from file packetlife.net Capture up to len bytes per packet Print absolute TCP sequence numbers Don't pri nt timestamps Print more verbose output Write captured packets to file Print fra me payload in hex Print frame payload in hex and ASCII Specify the data link typ e Drop privileges from root to user Capture Filter Primitives [src dst] host <host> ether [src dst] host <ehost> gat eway host <host> [src dst] net <network>/<len> [tcp udp] [src dst] port <port> M atches a host as the IP source, destination, or either Matches a host as the Eth ernet source, destination, or either Matches packets which used host as a gatewa y Matches packets to or from an endpoint residing in network Matches TCP or UDP packets sent to/from port [tcp udp] [src dst] portrange <p1>-<p2> Matches TCP or UDP packets to/from a por t in the given range less <length> greater <length> (ether ip ip6) proto <protoc ol> (ether ip) broadcast (ether ip ip6) multicast Matches packets less than or e qual to length Matches packets greater than or equal to length Matches an Ethern et, IPv4, or IPv6 protocol Matches Ethernet or IPv4 broadcasts Matches Ethernet, IPv4, or IPv6 multicasts type (mgt ctl data) [subtype <subtype>] Matches 802.11 frames based on type and optional subtype vlan [<vlan>] mpls [<label>] <expr> <relop> <expr> Protocols ar p ether fddi icmp ip ip6 link ppp radio rarp TCP Flags tcp-urg tcp-ack tcp-psh t cp-rst tcp-syn tcp-fin slip tcp tr udp wlan icmp-echoreply icmp-unreach icmp-sou rcequench icmp-redirect icmp-echo Modifiers ! or not && or and or or udp dst port not 53 Matches 802.1Q frames, optionally with a VLAN ID of vlan Matches MPL S packets, optionally with a label of label Matches packets by an arbitrary expr ession Examples UDP not bound for port 53 host 10.0.0.1 && host 10.0.0.2 Traffic between these hosts tcp dst port 80 or 80 80 ICMP Types icmp-routeradvert icmp-routersolicit icmp-timxceed icmp-paramprob icmp-tstamp icmp-tstampreply icmp-ireq icmp-ireqreply icmp-maskreq icmp-maskrepl y v2.0 Packets to either TCP port by Jeremy Stretch