read data from tcp packets #tcpdump

I ran into a scenario where I had to read the contents of the TCP packets being sent on a particular port. Kamesh, my friend, came to my rescue and taught me the command below.

tcpdump -i eth0 -XX -s0 "port 3690" -w /tmp/kk

This command reads the packets sent through port 3690, parses them and prints the data of each packet, which is redirected to the file /tmp/kk.
But some time down the line, I came to know that -s0 in the above command sets the snaplen (the number of bytes of data captured from each packet) to the default of 65535 bytes.

Hence,

tcpdump -i eth0 -XX "port 3690" -w /tmp/kk

would really do the job for us🙂

Now I was able to read the data such as the arguments passed from one function to another over the network through that port.
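As an added example that is not part of the original post: the file -w produces is a raw pcap, not the -XX hex dump, so here is a small Python reader that pulls the TCP payload for port 3690 (or any port) out of such a capture. The pcap layout and the sample frames are constructed inline, and the reader flags packets whose stored bytes were cut short by a small snaplen.

```python
import struct

PORT = 3690  # the port from the post

def build_frame(payload, sport, dport):
    """Constructed sample: Ethernet/IPv4/TCP frame carrying payload (checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                         # dst MAC, src MAC, EtherType IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 1, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    return eth + ip + tcp + payload

def build_pcap(frames, snaplen=65535):
    """Minimal little-endian pcap file as 'tcpdump -w' writes it; linktype 1 = Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for i, frame in enumerate(frames):
        kept = frame[:snaplen]                                # snaplen caps what is stored
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(kept), len(frame)) + kept
    return out

def tcp_payloads(pcap, port):
    """Return [(sport, dport, payload, truncated)] for TCP segments touching port."""
    magic, = struct.unpack("<I", pcap[:4])
    e = "<" if magic == 0xA1B2C3D4 else ">"                 # byte order of the writing host
    if struct.unpack(e + "HHiIII", pcap[4:24])[5] != 1:
        raise ValueError("example only handles Ethernet captures")
    out, off = [], 24
    while off + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack(e + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                          # need full IPv4 + TCP headers
        ip = frame[14:]
        ihl = (ip[0] & 0x0F) * 4
        tcp = ip[ihl:struct.unpack("!H", ip[2:4])[0]]        # stop at the IP total length
        sport, dport = struct.unpack("!HH", tcp[:4])
        if port in (sport, dport):
            doff = (tcp[12] >> 4) * 4
            out.append((sport, dport, tcp[doff:], incl_len < orig_len))
    return out

if __name__ == "__main__":
    frames = [build_frame(b"( success ( 2 2 ( ) ) )", 40000, PORT),  # constructed svn-style text
              build_frame(b"unrelated", 40001, 80)]
    for sport, dport, data, cut in tcp_payloads(build_pcap(frames, snaplen=64), PORT):
        print(sport, "->", dport, data, "(truncated by snaplen)" if cut else "")
```

On a real capture, pass the bytes of the file that -w wrote (open it in binary mode) to tcp_payloads instead of the constructed pcap.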

See man tcpdump for more info…
