sudo tcpdump // command-line packet analyzer that captures network traffic in real-time
sudo tcpdump -w /path/to/log.pcap // pcap format is used by Wireshark
sudo tcpdump -i <interface> -l | tee /dev/tty | sudo tcpdump -w /media/user/folder/tcpdump_log.pcap // the terminal display lags because the output between the two tcpdump processes is buffered
sudo tcpdump -i <interface> | tee /dev/tty | sudo tcpdump -l -U -G 600 -w /media/user/folder/tcpdump_log-%Y%m%d%H%M%S.pcap // does not fix the buffering either
sudo tcpdump -l -i any | tee -a /media/user/folder/tcpdump_log-$(date '+%Y%m%d%H%M%S').pcap // works, but the file holds tcpdump's text output rather than pcap data, so Wireshark cannot open it
tcpdump -l -i any -qn port 53 | tee -a /tmp/dnslogs
sudo nano capture_traffic.sh
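#!/bin/bash
# capture_traffic.sh — capture packets on one interface, save them as a pcap
# file (readable by Wireshark) and show the decoded packets in the terminal
# at the same time.
#
# Usage: ./capture_traffic.sh [interface] [output-dir]
#   interface   defaults to "enp" (the value used in the original notes)
#   output-dir  defaults to /media/user/directory
# Stop with Ctrl-C: the whole pipeline exits together, so no capture process
# is left running afterwards.
set -euo pipefail

IFACE="${1:-enp}"
OUT_DIR="${2:-/media/user/directory}"

# Path for the pcap file; the timestamp keeps repeated runs from overwriting
# each other.
PCAP_PATH="${OUT_DIR}/tcpdump_log-$(date '+%Y%m%d%H%M%S').pcap"

# A single capture: the first tcpdump writes raw pcap to stdout (-w -), tee
# keeps a copy in the file, and a second tcpdump decodes that stream for the
# terminal.  -U flushes every packet so file and display stay in near real
# time; -l line-buffers the decoded output so it does not lag.
# The original script ran two captures (one backgrounded under sudo), which
# doubled the capture load and left the background root process running after
# Ctrl-C.  Decoding a pcap stream from stdin needs no root, so only the
# capturing tcpdump runs under sudo.
sudo tcpdump -i "$IFACE" -U -w - | tee -- "$PCAP_PATH" | tcpdump -l -r -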
sudo chmod +x capture_traffic.sh
./capture_traffic.sh
Ctrl + Shift + P => Name Resolution => Resolve network (IP) addresses // in Wireshark
sudo dhclient
ping 8.8.8.8
ip link
nmcli
nmcli dev status
sudo lshw -class network
netstat
route
ss // (Socket Statistics) network sockets, network connections and network interfaces
ss -t -a -n // all TCP sockets (listening and established), numeric addresses
ss -u -l -n // listening UDP sockets
sudo apt install traceroute
-n : Show IP addresses instead of resolving hostnames.
-m max_ttl : Set the maximum number of hops to reach the destination.
-q nqueries : Specify the number of probes per hop.
-w waittime : Set the timeout for each probe.
traceroute -n -m 30 -q 3 -w 2 www.google.com