sudo tcpdump -D
sudo tcpdump -i any
sudo tcpdump -i any -c 5
sudo tcpdump -i any -c 5 -n
sudo tcpdump -i any -c 5 -n -s96
sudo tcpdump -i any -c 5 -n -s0
sudo tcpdump -i eth0 -n -t
sudo tcpdump -i any -c20 -n -t "tcp and dst port 49952"
sudo tcpdump -w 001.pcap -i eth0
sudo tcpdump -r 001.pcap
sudo tcpdump -i eth0 -n "host x.x.x.x and (port 80 or port 443)"
TCP Flags (9 bits, aka Control bits) is a field that contains 9 1-bit flags:
- NS (1 bit) – ECN-nonce concealment protection (experimental: see RFC 3540).
- CWR (1 bit) – Congestion Window Reduced (CWR) flag is set by the sending host to indicate that it received a TCP segment with the ECE flag set and has responded using the congestion control mechanism (added to the header by RFC 3168).
- ECE (1 bit) – ECN-Echo has a dual role, depending on the value of the SYN flag. It indicates:
- URG (1 bit) – indicates that the Urgent pointer field is significant
- ACK (1 bit) – indicates that the Acknowledgment field is significant. All packets after the initial SYN packet sent by the client should have this flag set.
- PSH (1 bit) – Push function. Asks to push the buffered data to the receiving application.
- RST (1 bit) – Reset the connection
- SYN (1 bit) – Synchronize sequence numbers. Only the first packet sent from each end should have this flag set. Some other flags and fields change meaning based on this flag, and some are only valid for when it is set, and others when it is clear.
- FIN (1 bit) – No more data from sender
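As an added example (not part of the original notes), the following Python decodes the 9 flag bits from a raw TCP header the way tcpdump does when it prints `Flags [S.]`, and shows why flag filters test header byte 13 (`tcp[13]`). The `build_tcp_header` helper and the handshake segments it produces are constructed here purely as sample input; the port 49952 matches the filter used above.

```python
import struct

# The 9 control bits, from bit 8 (NS) down to bit 0 (FIN), in header order.
TCP_FLAGS = ["NS", "CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"]

# Single-letter abbreviations tcpdump prints in its "Flags [...]" field;
# "." stands for ACK and NS has no letter of its own.
TCPDUMP_LETTERS = [("FIN", "F"), ("SYN", "S"), ("RST", "R"), ("PSH", "P"),
                   ("ACK", "."), ("URG", "U"), ("ECE", "E"), ("CWR", "W")]


def decode_tcp_flags(tcp_header: bytes) -> dict:
    """Return {flag: bool} for the 9 control bits of a raw TCP header.

    Bytes 12-13 hold the 4-bit data offset, 3 reserved bits, then the 9
    flags: NS is the low bit of byte 12, CWR..FIN fill byte 13, which is
    why tcpdump flag filters test tcp[13] (alias tcp[tcpflags]).
    """
    if len(tcp_header) < 20:
        raise ValueError("TCP header needs at least 20 bytes")
    word = struct.unpack_from("!H", tcp_header, 12)[0]
    bits = word & 0x1FF
    return {name: bool((bits >> (8 - i)) & 1) for i, name in enumerate(TCP_FLAGS)}


def flag_string(tcp_header: bytes) -> str:
    """Render the set flags with tcpdump's letters, e.g. 'S.' for SYN+ACK."""
    flags = decode_tcp_flags(tcp_header)
    return "".join(letter for name, letter in TCPDUMP_LETTERS if flags[name])


def build_tcp_header(src_port: int, dst_port: int, flags, seq=0, ack=0) -> bytes:
    """Constructed sample input: minimal 20-byte header, no options, zero checksum."""
    bits = 0
    for name in flags:
        bits |= 1 << (8 - TCP_FLAGS.index(name))
    word = (5 << 12) | bits  # data offset = 5 words (20 bytes), reserved bits = 0
    return struct.pack("!HHIIHHHH", src_port, dst_port, seq, ack, word, 65535, 0, 0)


if __name__ == "__main__":
    # Constructed handshake, data and teardown segments between port 49952 and 443.
    samples = [
        ("client SYN", build_tcp_header(49952, 443, ["SYN"], seq=100)),
        ("server SYN-ACK", build_tcp_header(443, 49952, ["SYN", "ACK"], seq=500, ack=101)),
        ("client data", build_tcp_header(49952, 443, ["PSH", "ACK"], seq=101, ack=501)),
        ("server FIN", build_tcp_header(443, 49952, ["FIN", "ACK"], seq=501, ack=150)),
    ]
    for label, hdr in samples:
        print(f"{label:15s} Flags [{flag_string(hdr)}]  tcp[13] = 0x{hdr[13]:02x}")
```

The printed `tcp[13]` byte is the value a capture filter such as `tcp[13] & 0x12 == 0x12` (SYN and ACK both set) compares against.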
That’s it. Cheers!!