Never paused a video so many times, the longest 18 minutes of my life and it was totally worth it ! Very informative video!

David, thank you so much for uploading these videos. They are specially useful for SDN novices. Again, thanks for sharing.

Hi David, Your whole series of videos are so great, and you are able to make other understand in much better way than any other person or sources on internet. These are by far the best videos on internet.

Excellent Content - To the point and comprehensive. Salute to you David for the great work.

Fantastic work, a clear and concise understanding of TCP Dump basics. Appreciate the video.

Very clear explanation about tcpdump. I learnt quite a lot from this video. Thanks David.

One of the best tutorial I've seen ever Very comprehensive in just 18 minutes.

I find Mr. Mahler's videos to be extrememly affective. Thank you sir!

Thank you for this excellent, brief and to-the-point video with super relevant, supporting examples.

Excellent job David... well worth the time to go through this...

David, the best illustration on TCPDUM I have ever seen. I would compare it like someone getting an orange and and juicing it and giving it to his viewers. I loved it . You must be a very nice person to spend your own personal time and sharing your know how with others.. Kudos to you !!!. Thank you !!

Congratulations. The best class about tcpdump ever. Thank so much, help me a lot. You won one more subscriber.

Superb way to demonstrate use of TCPDUMP, I would like to recommend this video to anyone who wants to understand use of TCPDUMP. Many thanks [.]

Never seen a video with this small size and having so much info thank you please keep posting such type of vedios

Excellent video. Very clear and concise explanation.

Great Video David. Really Appreciate your all efforts

Good overview. Thank you. Will likely review this again.

Great video David! The videos is very helpful. Thanks!

Watched it twice and pause-n-take notes many times second time around. It is a great investment as tcpdump is the only tool left for me to debug mysterious networking problems including "connection refused" and so on. Thank you!

What a great explanation! I'm subscribing in order to learn more. Thanks.

one of the best tutorials on SDN related stuff

Another great Video from David. Thanks!

Great video - especially the interpretation of the output. Thanks.

Great explanation. Good sequencing and very clear.

Clear and thorough explanation. Thanks

Thanks David...hits the spot...very good!!

Amazing video. Thank you so much David.

If only all tutorials on KZbin were this good!

a Clear and concise review. Thanks!

Awesome video! Thank you for the excellent tutorial.

Wow. Going to have to watch that one more than a few times. A lot of info. Done very well and not too verbose.

Thanks you, been looking for a good linux tcpdump video

Very well explained. Thank you!

Thank you for your work and knowledge!

Superb! Highly helpful and handy

useful as the OSCP exam doesn't have a video on tcpdump and this clarifies a lot and teaches a lot of useful tricks.

Thank you. Great video for beginners.

that was a great video, man. nice job

Very nice - Thank you for this video!

Very detailed explanation thankyou. Please make more videos

Great video. Very informative. Thanks.

Thank you sir .. we need more vid pls keep uploading

Very helpful! Good job man ;)

Many thanks for the informative video!

Very detailed and informative video

Perfect explanation, thanks.

An excellent video tutorial. ThanQ very much.

very informative video. Thanks

very informative video . clearly explained !!

Very well explained - I am going to see if you have more trainings available

I really appreciate your video!

You're great David... SDN is an amazing approach to computer networking, and you are explaining it very well... Do you think you can do some videotutorials on how to correctly build a custom controller as a switch/router, say using POX?... there are some guides on how one could do it, but the documentation itself is very poor... Thank you very much for your videos ;)

Very good video. Thank you very much.

Hi David , Nicely explained... :)

Nice one! Thanks for uploading.

Great video, thanks!

Thank you for sharing very informative 👍

Thank you for your clear explanation!

This is an excellent tutorial! I do have a question regarding the time stamps in the output. Do these time stamps denote the time when the packet transmission is complete, has started or when the packet was queued for transmission? Exactly when are these packet details picked up? Thanks a lot again.

This is a well done tutorial.

Fenomenal!

Your videos about networking topics are amazing. Do come back and make more videos.

Great content , thanks

Thanks David!

good explanations. Need some more videos which shows troubleshooting using commands.

That was a great video. Thanks!

It's helpful!Thanks.

Excellent job

Fantastic video Thanks alot

thank you

Excellent!!!!

So useful.

perfect! thanks

Nice, super easy!

Ty!

Thanks a lot!

thank you so much

very nice

easy short amazing

This is best video

Thanks David, It was excellent tutorial. Is there a way to us -i any option at HP-UX or I can use "-i lan0 -i lan1"?

Your Video helped me out a few hours back...Inspite of having Telnet and TCP connectivity I was unable to connect with a Ora NoSQL Node from my VH. The tcpdump -i eth0 -w ora.pcap showed its trying to connect with Default ports in Orcale intalled VM so was able to define servicerange ports and can connect it now.. Got the result from your clip specifically.. Although I used Wireshark to analyze the pcap file as was not aware of the reading option from the Linux option itself. So If I use the commnd (from root access) in the VM > tcpdump -r ora.pcap it should serve the purpose I hope.

Nice...Thank You... :D

I wonder if it's possible to automate monitoring vs malicious traffic on machine with gui

hello sir, Is tcpdump analysis or capture purpose tool only or Could tcpdump be used for generation of packets to a specific dst ip address from a source machine just like an attack.

11:11 host keyword 14:59 protocol type filters

David, if my machine has many interfaces and i don't know by which interface i will capture traffic. i need to use "-i any" to see if my machine is getting any traffic or not. If my machine is getting traffic then how would i know the exact interface??

Is TCPDUMP an active or passive network sniffer?

Hi, Do u have anything able tcprewrite and tcpreplay?

Pls share all tcpdump commands...it could be helpful for us if you have an document.

Plz make more videos on networking.. thanks..

Tcp Dump 1. Version check: - tcpdump -h 2. To check available interfaces on VM: - tcpdump -D 3. Checking tcpdump on all interfaces: - tcpdump -i any 4. Stop tcpdump after a specified number of packets: - tcpdump -i any -c 5 (This one stops the capture after generating 5 packets ) 5. Show tcpdump in form of IPs and not FODN names: - tcpdump -i any -c 5 -n (Using -n will show IP and port numbers. If not used then the utility will tigger reverse DNS lookups to determine IP) 6. To limit capture size use -s option: - tcpdump -i any -c 5 -n -s1024 7. To check with proper sequence number use this: - tcpdump -i any -c20 -n tcp and dst port 39952 -t 8. Save captures to a file: - tcpdump -i any -w capture.pcap 9. Use -v option while performing captures to a file to see wether filter is receiving any packets or not: - tcpdump -i any -w capture.pcap -v 10. Reading existing files: - tcpdump -n -r capture.pcap 11. Use pipe (|) and less while viewing pcap files so that you can scroll through them: - tcpdump -n -r capture.pcap | less 12. To check packets from one particular host only: - tcpdump -i eth1 -n host 10.0.0.4 -c10 13. To check packets from one particular host from one side either source or destination only: - tcpdump -i eth1 -n host src 10.0.0.4 -c10 - tcpdump -i eth1 -n host dst 10.0.0.4 -c10 14. Use “and port ” to filter traffic for that port only: - tcpdump -i eth1 -n host 10.0.0.4 and port 80 -c10 15. Between two host: - tcpdump -i eth1 -n host 10.0.0.4 and host 192.168.0.4 -c10 16. For composite types i.e. using “and-or”: - tcpdump -i eth0 -n “host 192.168.0.4 \ > and (port 80 or port443)” Use (“”) in such commands 17. Based on whole network: - tcpdump -i eth0 -n -c 50 “src net 192.168.00/16 \ > and not dst net 192.168.0.0/16 and not dst net 10.0.0.0/16” 18. Based on mac address: - tcpdump -i eth0 ether host 28:16:2e:1f:25:49 -n -c50 Here “ether host is used to refer mac addr” 19. Mac addr are not visible by default so we use “-e” to see mac addr: - tcpdump -i eth0 ether host 28:16:2e:1f:25:49 -n -c50 -e 20. To tcpdump ipV6 IPs use ip6 a th end - tcpdump -i any ip6 21. Capture based on flags: - tcpdump -i any “tcp[tcpflags] \ > & tcp-syn !=0” Or > &tcp-rst !=0” Adjusting seeing tcpdump outputs- 22. -XX option shows more details specifically in hex and ascii format - tcpdump -i eth0 port 80 -c50 -XX 23. In place of using -XX we can use -A to get only te ASCII value and not the hex value: - tcpdump -i eth0 port 80 -c50 -A 24. Increasing levels of details can we fetched from -v or -vv or -vvv: - tcpdump -i eth0 port 80 -c50 -vvv 25. To see minimal quiet display ouput use -q: - tcpdump -i eth0 port 80 -c50 -q Example: Time ip vm1.port > vm3.ssh: tcp0 Time ip vm3.ssh > vm1.port: tcp0 . . . 26. To remove time frame in any tcpdumps use “-t” - tcpdump -i eth0 port80 -c50 -q -t ip vm1.port > vm3.ssh: tcp0 ip vm3.ssh > vm1.port: tcp0 . . 27. Use 3 “-ttt” to check time difference between consecutive packets in the ouTput. This can be used to check spikes or latencies In packets: - tcpdump -i eth0 -c50 -q -ttt 28. Use 5 “-ttttt” shows the time since the first packet capture. Used to lookup how long does the certain transactions took to complete. - tcpdump -i eth0 -c50 -q -ttttt 29. For human readable format use “-tttt” - tcpdump -i eth0 -c50 -q -tttt # Traffic direction (*) Relation to Firewall Virtual Machine Name of inspection point Notion of inspection point 1 Inbound Before the inbound FW VM Pre-Inbound “i” 2 Inbound After the inbound FW VM Post-Inbound “I” 3 Outbound Before the outbound FW VM Pre-Outbound “o” 4 Outbound After the outbound FW VM Post-Outbound “O BR Amarpreet Singh

sudo is not necessary. All tcp dump needs is CAP_NET_RAW. Run sudo setcap cap_net_raw=eip /usr/bin/tcpdump to set net_raw capability for tcpdump binary and then you can run it without root permissions.

what was the point of this video ? was it to show off or to teach ? you go through it very fast barely explaining anything as if you are reading a script , I watched other videos that are on a slower pace where they take time to explain things then I understood tcpdump.

Very well explained. Thank you!

Thank you sir .. we need more vid pls keep uploading