Tcpdump is clearly one of my favorite tools. Here is a little example that filters the traffic of my OSPF router.
tcpdump -i eth0 'ip[9] == 89'
And the result:
12:43:48.219432 IP p2b.soif.fr > OSPF-ALL.MCAST.NET: OSPFv2, Hello (1), length: 48
12:43:48.560817 IP wrt.soif.fr > OSPF-ALL.MCAST.NET: OSPFv2, Hello (1), length: 48
Wonderful, no? :)
See also TCPWatch, by Shane Hathaway, which is invaluable for debugging HTTP problems:
http://hathaway.freezope.org/Software/TCPWatch
Yes, TCPWatch is a great tool too. I used it to debug an HTTP server a couple of times, and this is an incredible feature.
– Enjoy Networking ?
Do you have any idea what the libpcap filter syntax should be in case we want to capture OSPFv3 packets?
Hi Dipankar, I know your question is more than one year old, but here is the answer:
sudo tcpdump -i eth0 proto ospf
This captures OSPFv3 traffic too.
Hi,
Yes, I also found this as a better / nicer-to-type solution here:
http://docstore.mik.ua/orelly/networking_2ndEd/tshoot/ch05_04.htm
5.4.2.4.2. Protocol and port filtering.
=>
bsd1# tcpdump ip proto ospf
bsd1# tcpdump ip proto 89
Bests
Reiner
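
What the byte-offset filter from the post actually tests, as an added example that is not part of the original post or its comments: byte 9 of the IPv4 header is the Protocol field and 89 is OSPF, and the IPv6 counterpart for OSPFv3 is the Next Header byte at offset 6 (`ip6[6] == 89`). The frames are constructed, untagged Ethernet is assumed, and all function names are hypothetical.

```python
import struct

OSPF = 89                           # IANA protocol number (OSPFv2 and OSPFv3)
ETH_IPV4, ETH_IPV6 = 0x0800, 0x86DD

def is_ospf(frame: bytes) -> bool:
    """Same test as the filter `ip[9] == 89 or ip6[6] == 89`."""
    if len(frame) < 14:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    l3 = frame[14:]                 # ip[n] / ip6[n] count from the L3 header
    if ethertype == ETH_IPV4 and len(l3) >= 20:
        return l3[9] == OSPF        # IPv4 Protocol field
    if ethertype == ETH_IPV6 and len(l3) >= 40:
        # IPv6 Next Header field; like `ip6 proto`, this does not follow
        # extension headers.
        return l3[6] == OSPF
    return False

# --- constructed sample frames (hypothetical helpers) ---
def eth(ethertype: int, payload: bytes) -> bytes:
    # zeroed MAC addresses, then EtherType, then the L3 packet
    return bytes(6) + bytes(6) + struct.pack("!H", ethertype) + payload

def ipv4(proto: int) -> bytes:
    # ver/IHL, TOS, length, id, flags/frag, TTL, protocol, checksum, src, dst
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 1, proto, 0,
                       bytes([192, 0, 2, 1]), bytes([224, 0, 0, 5]))

def ipv6(next_header: int) -> bytes:
    # ver/class/flow, payload length, next header, hop limit, src, dst
    src = bytes.fromhex("fe80" + "00" * 13 + "01")
    dst = bytes.fromhex("ff02" + "00" * 13 + "05")
    return struct.pack("!IHBB16s16s", 0x60000000, 0, next_header, 1, src, dst)

SAMPLES = {
    "OSPFv2 hello": eth(ETH_IPV4, ipv4(89)),
    "TCP segment": eth(ETH_IPV4, ipv4(6)),
    "OSPFv3 hello": eth(ETH_IPV6, ipv6(89)),
    "ICMPv6": eth(ETH_IPV6, ipv6(58)),
}

def classify(samples=SAMPLES):
    return {name: is_ospf(frame) for name, frame in samples.items()}

if __name__ == "__main__":
    for name, hit in classify().items():
        print(f"{name:13} {'match' if hit else 'no match'}")
```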