#
# tcpdump.txt
#
#
# 14-Dec-04 amo Date-of-Birth
#
#
# http://www.tcpdump.org
# http://www.tcpdump.org/related.html
#
# http://sourceforge.net/projects/tcpdump/
#
#
# Format
# ---------
# timestamp source -> destination : flags
# flags are:
# S -> SYN (Synchronize sequence numbers - Connection establishment)
# F -> FIN (Ending of sending by sender - Connection termination)
# R -> RST (Reset connection)
# P -> PSH (Push data)
# . (No flag is set)
#
# tcpdump gui
# -----------
# http://articles.techrepublic.com.com/5100-10878_11-1045521.html
# netdude
#
# TCP 3-way handshake
# -------------------
# http://www.inetdaemon.com/tutorials/internet/tcp/3-way_handshake.shtml
#
#
# Sniffing ftp session
# --------------------
# http://openmaniak.com/tcpdump.php
#
# Sniffing emails
# ---------------
# http://www.linuxplanet.com/linuxplanet/tutorials/6541/1/
#
#
# Reading the tcpdump output
# --------------------------
# http://www-iepm.slac.stanford.edu/monitoring/passive/tcpdump.html
# http://www.erg.abdn.ac.uk/users/alastair/tcpdump.html
# http://www.linux.org/lessons/advanced/x442.html
#
#
# http://www.aei.ca/~pmatulis/pub/tcpdump.html
# - what all the numbers mean
#
# http://www.thedumbterminal.co.uk/software/sniff.shtml
# - makes tcpdump look readable
#
# http://www.erg.abdn.ac.uk/users/alastair/tcpdump.html - howto
#
#
# To capture all traffic to/from HostName
# ---------------------------------------
tcpdump host HostName
#
#
# To capture all DNS traffic ( tcp or udp )
# -----------------------------------------
tcpdump port 53
#
#
# To capture all traffic to or from HostMachine
# ---------------------------------------------
tcpdump src host HostMachine
# (note: "src host" matches only packets sent by HostMachine; plain "host", as above, matches both directions)
tcpdump host 1.2.3.4
tcpdump src 2.3.4.5
tcpdump dst 2.3.4.5
#
#
# To capture all traffic on a network
# -----------------------------------
tcpdump net 1.2.3.0/24
#
#
# To capture all traffic to/from a port
# -------------------------------------
tcpdump port 8080
#
tcpdump src port 1025
tcpdump dst port 3389
#
#
# To capture all DNS traffic to port 53 ( tcp or udp )
# ----------------------------------------------------
tcpdump dst port 53
# ("dst port 53" matches packets sent to port 53; use "src port 53" for the replies, or "port 53" for both)
#
#
# To capture all TCP traffic from SrcHost
# ---------------------------------------
tcpdump tcp src host SrcHost
#
#
# To capture all icmp traffic
# ---------------------------
tcpdump icmp
#
#
# To capture all UDP traffic
# --------------------------
tcpdump udp
#
#
# To capture all UDP traffic to port 53 ( udp dst port 53 )
# ---------------------------------------------------------
tcpdump udp dst port 53
#
#
# To capture login/pwd during FTP
# -------------------------------
tcpdump -A
#
#
#
#
#
# End of file