PACKET DUMPS ON NETWORK DEVICES AND LINUX

tcpdump -nni INTERFACE host FILTER_IP

(-n: do not resolve names, -nn: do not resolve ports either, -i: capture interface; enc0 below is the IPsec interface on BSD-based firewalls, enp0s8 a Linux NIC)

Examples:

Show traffic to or from 172.57.168.100 on port 9081
tcpdump -nni enc0 host 172.57.168.100 and port 9081

Show traffic to or from 10.1.1.1 except ICMP
tcpdump -nni enc0 host 10.1.1.1 and not icmp

Show HTTP GET requests (-s 0: full snaplen, -A: print payload as ASCII)
tcpdump -i enp0s8 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420'

How the filter works: tcp[12:1] is the byte holding the TCP data offset in its upper nibble (header length in 32-bit words). Masking with 0xf0 and shifting right by 2 yields the header length in bytes (>> 4 to get words, then * 4), i.e. the offset of the first payload byte even when TCP options are present. The filter then reads 4 bytes at that offset and compares them with 0x47455420, the ASCII encoding of "GET " (trailing space included).

Show HTTP POST requests (0x504F5354 is ASCII "POST")
tcpdump -i enp0s8 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'

Show HTTP GET/POST to ports 80 and 443, filtered by IP
tcpdump -i any -s 0 -A '(tcp dst port 80 or tcp dst port 443) and (tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x47455420 or tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354) and host 192.168.1.1'

Note the parentheses: in BPF syntax "and" binds tighter than "or", so without them the expression would be parsed as "port 80, or (port 443 and GET), or POST", and the host clause would only apply to the last alternative. Keep the whole expression inside one pair of single quotes so the shell does not split it or expand the brackets. On port 443 the payload is normally TLS, so the method bytes will only match if plaintext HTTP is actually served there.
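The offset arithmetic in the filters above is easy to get wrong, so the following added example (not part of the original cheat sheet) reimplements it in Python: it builds constructed TCP segments with and without options, locates the payload exactly as the BPF expression does, compares the first four bytes with the method tag, and derives the hex constants (0x47455420, 0x504F5354) from the ASCII method name so the same filter can be generated for other methods. It also shows why a fixed offset of 20 breaks as soon as options are present. All segments and the helper names are constructed for this example.

```python
import struct

# The payload-locating expression used in the tcpdump filters on this page.
PAYLOAD_HEAD = "tcp[((tcp[12:1] & 0xf0) >> 2):4]"


def method_to_bpf_constant(method: str) -> str:
    """Hex constant tcpdump compares the first 4 payload bytes against.

    The tag is space-padded to 4 bytes, so 'GET' becomes 'GET ' and
    'POST' stays 'POST'. Big-endian bytes == the order BPF reads them.
    """
    tag = method.encode("ascii")[:4].ljust(4, b" ")
    return "0x" + tag.hex().upper()


def build_filter(methods=("GET", "POST"), ports=(80,), host=None) -> str:
    """Build a correctly parenthesised tcpdump expression (and binds tighter than or)."""
    port_expr = " or ".join(f"tcp dst port {p}" for p in ports)
    method_expr = " or ".join(
        f"{PAYLOAD_HEAD} = {method_to_bpf_constant(m)}" for m in methods
    )
    expr = f"({port_expr}) and ({method_expr})"
    if host:
        expr += f" and host {host}"
    return expr


def build_tcp_segment(dst_port: int, payload: bytes, options: bytes = b"") -> bytes:
    """Constructed TCP segment (no IP header): 20-byte base header + options + payload."""
    assert len(options) % 4 == 0, "TCP options are padded to 32-bit words"
    hlen_words = (20 + len(options)) // 4
    header = struct.pack(
        "!HHIIBBHHH",
        40000,            # source port (arbitrary)
        dst_port,         # destination port
        1, 1,             # seq, ack (arbitrary)
        hlen_words << 4,  # data offset nibble, this is tcp[12:1]
        0x18,             # flags: PSH|ACK
        65535, 0, 0,      # window, checksum (unset), urgent pointer
    )
    return header + options + payload


def payload_prefix(segment: bytes) -> bytes:
    """Same arithmetic as the BPF filter: (tcp[12] & 0xf0) >> 2 = header length in bytes."""
    offset = (segment[12] & 0xF0) >> 2
    return segment[offset:offset + 4]


def naive_prefix(segment: bytes) -> bytes:
    """What a filter hard-coding tcp[20:4] would see; wrong when options are present."""
    return segment[20:24]


def matches_filter(segment: bytes, dst_ports=(80, 443), methods=("GET", "POST")) -> bool:
    """Python equivalent of the combined port + method filter on this page."""
    dst_port = struct.unpack("!H", segment[2:4])[0]
    tags = {m.encode("ascii")[:4].ljust(4, b" ") for m in methods}
    return dst_port in dst_ports and payload_prefix(segment) in tags


# Constructed sample: a 12-byte TCP timestamp option (NOP, NOP, kind 8, len 10, 8 bytes).
TIMESTAMP_OPT = b"\x01\x01\x08\x0a" + b"\x00" * 8
GET_WITH_OPTS = build_tcp_segment(80, b"GET / HTTP/1.1\r\nHost: x\r\n\r\n", TIMESTAMP_OPT)
POST_NO_OPTS = build_tcp_segment(443, b"POST /login HTTP/1.1\r\n\r\n")
HEAD_REQUEST = build_tcp_segment(80, b"HEAD / HTTP/1.1\r\n\r\n")
GET_OTHER_PORT = build_tcp_segment(8080, b"GET / HTTP/1.1\r\n\r\n")

if __name__ == "__main__":
    print(build_filter(host="192.168.1.1", ports=(80, 443)))
    print("GET w/ options :", payload_prefix(GET_WITH_OPTS), "naive:", naive_prefix(GET_WITH_OPTS))
    print("matches:", [matches_filter(s) for s in (GET_WITH_OPTS, POST_NO_OPTS, HEAD_REQUEST, GET_OTHER_PORT)])
```

Running the script prints the generated filter and shows that, with a timestamp option in the header, the naive fixed-offset read returns the option bytes instead of "GET ", while the data-offset arithmetic still finds the method. The constants it emits can be pasted straight into a tcpdump command line.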