{"id":941,"date":"2023-09-01T14:43:36","date_gmt":"2023-09-01T12:43:36","guid":{"rendered":"https:\/\/bretterhofer.at\/blog\/2023\/09\/a-tcpdump-tutorial-with-examples\/"},"modified":"2023-09-01T14:45:16","modified_gmt":"2023-09-01T12:45:16","slug":"a-tcpdump-tutorial-with-examples","status":"publish","type":"post","link":"https:\/\/bretterhofer.at\/blog\/2023\/09\/a-tcpdump-tutorial-with-examples\/","title":{"rendered":"A tcpdump Tutorial with Examples from https:\/\/danielmiessler.com\/p\/tcpdump"},"content":{"rendered":"\n<h1 class=\"wp-block-heading\">https:\/\/danielmiessler.com\/p\/tcpdump\/<\/h1>\n\n\n\n<h3 class=\"wp-block-heading\">50 ways to isolate traffic for cybersecurity, network administration, and other technical roles<\/h3>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/media.beehiiv.com\/cdn-cgi\/image\/fit=scale-down,format=auto,onerror=redirect,quality=80\/uploads\/asset\/file\/9ba5ca1d-95a9-487c-833c-c91fb8cdfc49\/ip-header-2021-1024x505.png\" alt=\"ip header 2021\"\/><\/figure>\n\n\n\n<p><small>The TCP\/IP Header<\/small><\/p>\n\n\n\n<p><em>UPDATED: August 27, 2023<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><strong>Table of Contents<\/strong><\/h3>\n\n\n\n<ol start=\"1\">\n<li><strong>Introduction<\/strong>\n<ul>\n<li>Overview of <code>tcpdump<\/code><\/li>\n\n\n\n<li>Basics of traffic 
isolation<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Getting Started with tcpdump<\/strong>\n<ul>\n<li>Viewing traffic on an interface<\/li>\n\n\n\n<li>Viewing HTTPS traffic<\/li>\n\n\n\n<li>Limiting packets<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Information Security Examples<\/strong>\n<ul>\n<li>Capturing credentials<\/li>\n\n\n\n<li>Monitoring suspicious domain traffic<\/li>\n\n\n\n<li>SMB Traffic<\/li>\n\n\n\n<li>Capturing TCP RESET-ACK Packets<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Filtering &amp; Searching Traffic<\/strong>\n<ul>\n<li>Filtering by IP<\/li>\n\n\n\n<li>Filtering by Source\/Destination<\/li>\n\n\n\n<li>Filtering by Network<\/li>\n\n\n\n<li>Filtering by Port<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Common Options in tcpdump<\/strong>\n<ul>\n<li>Overview of key options<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Advanced Techniques<\/strong>\n<ul>\n<li>Combinations of filters: AND, OR, EXCEPT<\/li>\n\n\n\n<li>Isolating TCP Flags<\/li>\n\n\n\n<li>Raw output view<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Everyday Recipe Examples<\/strong>\n<ul>\n<li>Capturing HTTP User Agents<\/li>\n\n\n\n<li>Identifying cleartext passwords<\/li>\n\n\n\n<li>Finding traffic with the &#8220;Evil Bit&#8221;<\/li>\n<\/ul>\n<\/li>\n\n\n\n<li><strong>Reading\/Writing to PCAP files<\/strong>\n<ul>\n<li>Writing to a file<\/li>\n\n\n\n<li>Reading from a file<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>https:\/\/danielmiessler.com\/p\/tcpdump\/ 50 ways to isolate traffic for cybersecurity, network administration, and other technical roles The TCP\/IP Header UPDATED: August 27, 2023 Table of 
Contents<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[],"jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/posts\/941"}],"collection":[{"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/comments?post=941"}],"version-history":[{"count":1,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/posts\/941\/revisions"}],"predecessor-version":[{"id":942,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/posts\/941\/revisions\/942"}],"wp:attachment":[{"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/media?parent=941"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/categories?post=941"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/bretterhofer.at\/blog\/wp-json\/wp\/v2\/tags?post=941"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}