Tcpdump patterns
From TykWiki
On http://danielmiessler.com/study/tcpdump_recipes/ I found this nice list:
Show me all URG packets:
# tcpdump 'tcp[13] & 32 != 0'

Show me all ACK packets:
# tcpdump 'tcp[13] & 16 != 0'

Show me all PSH packets:
# tcpdump 'tcp[13] & 8 != 0'

Show me all RST packets:
# tcpdump 'tcp[13] & 4 != 0'

Show me all SYN packets:
# tcpdump 'tcp[13] & 2 != 0'

Show me all FIN packets:
# tcpdump 'tcp[13] & 1 != 0'

Show me all SYN-ACK packets:
# tcpdump 'tcp[13] = 18'
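
The recipes above all test byte 13 of the TCP header, where FIN=1, SYN=2, RST=4, PSH=8, ACK=16 and URG=32. The shell sketch below is an added example, not part of the original list: the helper names are hypothetical, and the "all" mode and the ECE bit (64) go beyond the page to show that `tcp[13] = 18` misses a SYN-ACK carrying an extra flag while the mask tests still match it.

```shell
#!/bin/sh
# Added example (not from the original list); helper names are hypothetical.

# Print the combined bit value of the named flags in TCP header byte 13.
flag_mask() {
    mask=0
    for f in "$@"; do
        case "$f" in
            FIN) bit=1 ;;  SYN) bit=2 ;;  RST) bit=4 ;;
            PSH) bit=8 ;;  ACK) bit=16 ;; URG) bit=32 ;;
            *) echo "unknown flag: $f" >&2; return 1 ;;
        esac
        mask=$((mask | bit))
    done
    echo "$mask"
}

# Build a tcpdump filter for the named flags.
#   any  - at least one of them is set (the form most recipes use)
#   all  - all of them are set, other flags ignored (beyond the page)
#   only - exactly these flags and nothing else (the SYN-ACK recipe)
flag_filter() {
    mode=$1; shift
    m=$(flag_mask "$@") || return 1
    case "$mode" in
        any)  echo "tcp[13] & $m != 0" ;;
        all)  echo "tcp[13] & $m = $m" ;;
        only) echo "tcp[13] = $m" ;;
        *)    return 1 ;;
    esac
}

# Evaluate a flags byte (decimal value of tcp[13]) the way the filter would.
flags_match() {
    mode=$1; byte=$2; shift 2
    m=$(flag_mask "$@") || return 2
    case "$mode" in
        any)  [ $((byte & m)) -ne 0 ] ;;
        all)  [ $((byte & m)) -eq "$m" ] ;;
        only) [ "$byte" -eq "$m" ] ;;
        *)    return 2 ;;
    esac
}

# Constructed sample bytes: 18 = SYN+ACK, 82 = SYN+ACK with ECE (64) also set.
for b in 18 82; do
    for md in any all only; do
        if flags_match "$md" "$b" SYN ACK; then r=match; else r="no match"; fi
        printf '%-20s flags byte %3d: %s\n' "$(flag_filter "$md" SYN ACK)" "$b" "$r"
    done
done
```
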