
A Tcpdump Tutorial and Primer - danielrm26
http://danielmiessler.com/study/tcpdump/
======
0x0
If you are planning on poking around with captures in Wireshark, keep in mind
that there have been quite a lot of exploits for that app, particularly in the
various protocol dissectors.

You should avoid working on captures with unknown content on an important
machine.

<http://wiki.wireshark.org/Security>

------
RickHull
One thing I haven't been able to do with tcpdump is just dump the data stream
(payload) without any protocol bits. I presume it's possible with the right
command line option incantation.

Instead, for this purpose, I have used tcpflow. This is useful for listening
in on data streams, potentially piping a binary message stream to a decoder
for human-readable output.
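
The approach the comment above describes, pulling the TCP payload out of a capture and reassembling it per flow the way tcpflow does, as an added example that is not part of the original post and not code from tcpdump or tcpflow. It uses only the Python standard library, builds a small pcap file in memory (the frames, addresses and HTTP strings are constructed sample input, not a real capture), and returns one byte string per direction of each TCP flow with the Ethernet, IP and TCP headers stripped:

```python
"""Extract raw TCP payload (the data stream without the protocol bits)
from a pcap file, roughly what tcpflow does. Standard library only."""
import struct
from collections import defaultdict

PCAP_MAGIC = 0xA1B2C3D4
LINKTYPE_ETHERNET = 1

def build_pcap(frames):
    """Wrap raw Ethernet frames in a little-endian pcap container (constructed input)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(frame), len(frame)) + frame
    return out

def build_tcp_frame(src, dst, sport, dport, seq, payload):
    """Constructed Ethernet/IPv4/TCP frame with no options; checksums left at zero."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0, src, dst) + tcp
    eth = b"\x00\x11\x22\x33\x44\x55" + b"\x66\x77\x88\x99\xaa\xbb" + b"\x08\x00"
    return eth + ip

def iter_pcap(data):
    """Yield each captured frame from a classic (non-pcapng) pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:          # same magic written big-endian
        endian = ">"
    else:
        raise ValueError("not a pcap file")
    linktype, = struct.unpack_from(endian + "I", data, 20)
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures handled")
    off = 24
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        yield data[off:off + incl]
        off += incl

def tcp_segment(frame):
    """Return (flow, seq, payload) for an IPv4/TCP frame, None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    if frame[14] >> 4 != 4:
        return None
    ihl = (frame[14] & 0x0F) * 4          # IPv4 header length, options included
    total_len, = struct.unpack_from("!H", frame, 16)
    if ihl < 20 or frame[23] != 6:       # protocol 6 = TCP
        return None
    ip_end = 14 + total_len              # ignore any Ethernet trailer padding
    tcp_off = 14 + ihl
    if ip_end > len(frame) or tcp_off + 20 > ip_end:
        return None
    src, dst = frame[26:30], frame[30:34]
    sport, dport, seq = struct.unpack_from("!HHI", frame, tcp_off)
    doff = (frame[tcp_off + 12] >> 4) * 4  # TCP header length, options included
    return (src, sport, dst, dport), seq, frame[tcp_off + doff:ip_end]

def extract_streams(pcap_bytes):
    """Reassemble each direction of each TCP flow into one payload byte string."""
    segs = defaultdict(list)
    for frame in iter_pcap(pcap_bytes):
        s = tcp_segment(frame)
        if s and s[2]:                    # skip non-TCP frames and empty segments (SYN, ACK)
            segs[s[0]].append((s[1], s[2]))
    streams = {}
    for flow, parts in segs.items():
        parts.sort(key=lambda p: p[0])    # put out-of-order segments back in sequence order
        buf = bytearray()
        expected = parts[0][0]
        for seq, payload in parts:
            if seq < expected:            # retransmission or overlap: keep only the new bytes
                payload = payload[expected - seq:]
                seq = expected
            buf += payload                # a gap (seq > expected) is simply skipped here
            expected = seq + len(payload)
        streams[flow] = bytes(buf)
    return streams

def demo():
    """Constructed two-direction HTTP exchange with one out-of-order and one retransmitted segment."""
    c, s = b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02"
    frames = [
        build_tcp_frame(c, s, 40000, 80, 1016, b"Host: example.test\r\n\r\n"),  # arrives early
        build_tcp_frame(c, s, 40000, 80, 1000, b"GET / HTTP/1.0\r\n"),
        build_tcp_frame(s, c, 80, 40000, 5000, b"HTTP/1.0 200 OK\r\n\r\n"),
        build_tcp_frame(c, s, 40000, 80, 1016, b"Host: example.test\r\n\r\n"),  # retransmit
    ]
    return extract_streams(build_pcap(frames))

if __name__ == "__main__":
    for (src, sport, dst, dport), data in demo().items():
        print(f"{'.'.join(map(str, src))}:{sport} -> {'.'.join(map(str, dst))}:{dport}")
        print(data.decode("ascii", "replace"))
```

To run it on a real capture, save one first with `tcpdump -w capture.pcap` and pass the file contents to `extract_streams`. The reassembly deliberately stays minimal: it tolerates reordering and retransmissions but does not track gaps or connection teardown, which a full tool like tcpflow handles.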

------
lkrubner
Tip: sudo to root.

I am ignorant as dirt on this subject. Maybe this was obvious to everyone
else. I read this at work and decided to log into one of our main web servers.
I tried following the directions but I got the error:

tcpdump could not find a suitable device

However this:

which tcpdump

showed me that tcpdump was on the machine.

I looked back at the examples in the article and saw he was root. Luckily, where
I work, all of the engineers are given root access on most of the machines. So
I could sudo to root. And then the examples worked.

Don't get tripped up like I did.

------
bitops
I love Daniel's site - he's written a ton of great tutorials and overviews of
useful tools.

tcpdump is definitely one of the "must know" tools.

------
teoruiz
This is gold. Straight to my pinboard.

------
ggr
ngrep, <http://ngrep.sourceforge.net>

