Never paused a video so many times, the longest 18 minutes of my life and it was totally worth it ! Very informative video!

Hi David, Your whole series of videos are so great, and you are able to make other understand in much better way than any other person or sources on internet. These are by far the best videos on internet.

I find Mr. Mahler's videos to be extrememly affective. Thank you sir!

Excellent Content - To the point and comprehensive. Salute to you David for the great work.

Watched it twice and pause-n-take notes many times second time around. It is a great investment as tcpdump is the only tool left for me to debug mysterious networking problems including "connection refused" and so on. Thank you!

One of the best tutorial I've seen ever Very comprehensive in just 18 minutes.

Fantastic work, a clear and concise understanding of TCP Dump basics. Appreciate the video.

David, thank you so much for uploading these videos. They are specially useful for SDN novices. Again, thanks for sharing.

David, the best illustration on TCPDUM I have ever seen. I would compare it like someone getting an orange and and juicing it and giving it to his viewers. I loved it . You must be a very nice person to spend your own personal time and sharing your know how with others.. Kudos to you !!!. Thank you !!

Superb way to demonstrate use of TCPDUMP, I would like to recommend this video to anyone who wants to understand use of TCPDUMP. Many thanks [.]

Very clear explanation about tcpdump. I learnt quite a lot from this video. Thanks David.

Never seen a video with this small size and having so much info thank you please keep posting such type of vedios

Thank you for this excellent, brief and to-the-point video with super relevant, supporting examples.

Congratulations. The best class about tcpdump ever. Thank so much, help me a lot. You won one more subscriber.

Excellent job David... well worth the time to go through this...

useful as the OSCP exam doesn't have a video on tcpdump and this clarifies a lot and teaches a lot of useful tricks.

one of the best tutorials on SDN related stuff

Very well explained - I am going to see if you have more trainings available

Good overview. Thank you. Will likely review this again.

If only all tutorials on KZbin were this good!

Your videos about networking topics are amazing. Do come back and make more videos.

Clear and thorough explanation. Thanks

Great Video David. Really Appreciate your all efforts

Great video - especially the interpretation of the output. Thanks.

Excellent video. Very clear and concise explanation.

I wonder if it's possible to automate monitoring vs malicious traffic on machine with gui

Another great Video from David. Thanks!

Awesome video! Thank you for the excellent tutorial.

Thanks David...hits the spot...very good!!

Great explanation. Good sequencing and very clear.

Wow. Going to have to watch that one more than a few times. A lot of info. Done very well and not too verbose.

Very detailed explanation thankyou. Please make more videos

What a great explanation! I'm subscribing in order to learn more. Thanks.

Tcp Dump 1. Version check: - tcpdump -h 2. To check available interfaces on VM: - tcpdump -D 3. Checking tcpdump on all interfaces: - tcpdump -i any 4. Stop tcpdump after a specified number of packets: - tcpdump -i any -c 5 (This one stops the capture after generating 5 packets ) 5. Show tcpdump in form of IPs and not FODN names: - tcpdump -i any -c 5 -n (Using -n will show IP and port numbers. If not used then the utility will tigger reverse DNS lookups to determine IP) 6. To limit capture size use -s option: - tcpdump -i any -c 5 -n -s1024 7. To check with proper sequence number use this: - tcpdump -i any -c20 -n tcp and dst port 39952 -t 8. Save captures to a file: - tcpdump -i any -w capture.pcap 9. Use -v option while performing captures to a file to see wether filter is receiving any packets or not: - tcpdump -i any -w capture.pcap -v 10. Reading existing files: - tcpdump -n -r capture.pcap 11. Use pipe (|) and less while viewing pcap files so that you can scroll through them: - tcpdump -n -r capture.pcap | less 12. To check packets from one particular host only: - tcpdump -i eth1 -n host 10.0.0.4 -c10 13. To check packets from one particular host from one side either source or destination only: - tcpdump -i eth1 -n host src 10.0.0.4 -c10 - tcpdump -i eth1 -n host dst 10.0.0.4 -c10 14. Use “and port ” to filter traffic for that port only: - tcpdump -i eth1 -n host 10.0.0.4 and port 80 -c10 15. Between two host: - tcpdump -i eth1 -n host 10.0.0.4 and host 192.168.0.4 -c10 16. For composite types i.e. using “and-or”: - tcpdump -i eth0 -n “host 192.168.0.4 \ > and (port 80 or port443)” Use (“”) in such commands 17. Based on whole network: - tcpdump -i eth0 -n -c 50 “src net 192.168.00/16 \ > and not dst net 192.168.0.0/16 and not dst net 10.0.0.0/16” 18. Based on mac address: - tcpdump -i eth0 ether host 28:16:2e:1f:25:49 -n -c50 Here “ether host is used to refer mac addr” 19. Mac addr are not visible by default so we use “-e” to see mac addr: - tcpdump -i eth0 ether host 28:16:2e:1f:25:49 -n -c50 -e 20. To tcpdump ipV6 IPs use ip6 a th end - tcpdump -i any ip6 21. Capture based on flags: - tcpdump -i any “tcp[tcpflags] \ > & tcp-syn !=0” Or > &tcp-rst !=0” Adjusting seeing tcpdump outputs- 22. -XX option shows more details specifically in hex and ascii format - tcpdump -i eth0 port 80 -c50 -XX 23. In place of using -XX we can use -A to get only te ASCII value and not the hex value: - tcpdump -i eth0 port 80 -c50 -A 24. Increasing levels of details can we fetched from -v or -vv or -vvv: - tcpdump -i eth0 port 80 -c50 -vvv 25. To see minimal quiet display ouput use -q: - tcpdump -i eth0 port 80 -c50 -q Example: Time ip vm1.port > vm3.ssh: tcp0 Time ip vm3.ssh > vm1.port: tcp0 . . . 26. To remove time frame in any tcpdumps use “-t” - tcpdump -i eth0 port80 -c50 -q -t ip vm1.port > vm3.ssh: tcp0 ip vm3.ssh > vm1.port: tcp0 . . 27. Use 3 “-ttt” to check time difference between consecutive packets in the ouTput. This can be used to check spikes or latencies In packets: - tcpdump -i eth0 -c50 -q -ttt 28. Use 5 “-ttttt” shows the time since the first packet capture. Used to lookup how long does the certain transactions took to complete. - tcpdump -i eth0 -c50 -q -ttttt 29. For human readable format use “-tttt” - tcpdump -i eth0 -c50 -q -tttt # Traffic direction (*) Relation to Firewall Virtual Machine Name of inspection point Notion of inspection point 1 Inbound Before the inbound FW VM Pre-Inbound “i” 2 Inbound After the inbound FW VM Post-Inbound “I” 3 Outbound Before the outbound FW VM Pre-Outbound “o” 4 Outbound After the outbound FW VM Post-Outbound “O BR Amarpreet Singh

a Clear and concise review. Thanks!

Amazing video. Thank you so much David.

Superb! Highly helpful and handy

Great video David! The videos is very helpful. Thanks!

good explanations. Need some more videos which shows troubleshooting using commands.

Thanks you, been looking for a good linux tcpdump video

Thank you sir .. we need more vid pls keep uploading

Very detailed and informative video

An excellent video tutorial. ThanQ very much.

This is an excellent tutorial! I do have a question regarding the time stamps in the output. Do these time stamps denote the time when the packet transmission is complete, has started or when the packet was queued for transmission? Exactly when are these packet details picked up? Thanks a lot again.

I really appreciate your video!

Fenomenal!

Very nice - Thank you for this video!

Very good video. Thank you very much.

Thank you for your work and knowledge!

very informative video . clearly explained !!

Thank you for sharing very informative 👍

Great video. Very informative. Thanks.

Thank you. Great video for beginners.

Very well explained. Thank you!

Many thanks for the informative video!

Hi David , Nicely explained... :)

that was a great video, man. nice job

Perfect explanation, thanks.

Nice one! Thanks for uploading.

This is a well done tutorial.

Your Video helped me out a few hours back...Inspite of having Telnet and TCP connectivity I was unable to connect with a Ora NoSQL Node from my VH. The tcpdump -i eth0 -w ora.pcap showed its trying to connect with Default ports in Orcale intalled VM so was able to define servicerange ports and can connect it now.. Got the result from your clip specifically.. Although I used Wireshark to analyze the pcap file as was not aware of the reading option from the Linux option itself. So If I use the commnd (from root access) in the VM > tcpdump -r ora.pcap it should serve the purpose I hope.

Very helpful! Good job man ;)

very informative video. Thanks

Great content , thanks

David, if my machine has many interfaces and i don't know by which interface i will capture traffic. i need to use "-i any" to see if my machine is getting any traffic or not. If my machine is getting traffic then how would i know the exact interface??

That was a great video. Thanks!

Thanks David, It was excellent tutorial. Is there a way to us -i any option at HP-UX or I can use "-i lan0 -i lan1"?

Excellent job

Pls share all tcpdump commands...it could be helpful for us if you have an document.

Thanks David!

So useful.

It's helpful!Thanks.

Fantastic video Thanks alot

This is best video

hello sir, Is tcpdump analysis or capture purpose tool only or Could tcpdump be used for generation of packets to a specific dst ip address from a source machine just like an attack.

Excellent!!!!

Nice, super easy!

Is TCPDUMP an active or passive network sniffer?

thank you so much

thank you

Thanks a lot!

easy short amazing

very nice

perfect! thanks

Ty!

Plz make more videos on networking.. thanks..

Hi, Do u have anything able tcprewrite and tcpreplay?

Nice...Thank You... :D

11:11 host keyword 14:59 protocol type filters

sudo is not necessary. All tcp dump needs is CAP_NET_RAW. Run sudo setcap cap_net_raw=eip /usr/bin/tcpdump to set net_raw capability for tcpdump binary and then you can run it without root permissions.

what was the point of this video ? was it to show off or to teach ? you go through it very fast barely explaining anything as if you are reading a script , I watched other videos that are on a slower pace where they take time to explain things then I understood tcpdump.

Thank you sir .. we need more vid pls keep uploading

Thank you for your clear explanation!

Very well explained. Thank you!

Great video, thanks!