# arpspoof (dsniff suite): send forged ARP replies to the target given with -t
# (10.10.10.24) so that it maps the IP 10.10.10.25 to this machine's MAC.
# Defender's view: the target's neighbour cache then shows a changed MAC for
# 10.10.10.25, which the `ip neigh` command below makes visible. Static
# neighbour entries or switch-level Dynamic ARP Inspection prevent the rewrite.
arpspoof -t 10.10.10.24 10.10.10.25
# show the neighbour (ARP/NDP) cache; two IPs resolving to the same MAC, or a
# gateway entry whose MAC has changed, is the usual sign of ARP spoofing
ip neigh
# flush the neighbour cache (needs root); entries are re-learned on the next
# ARP exchange, so a poisoned entry comes back if forged replies are still sent
ip neigh flush all
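# capture packets from interface (needs root or equivalent capture privileges)
tcpdump -i eth0
# display all interfaces tcpdump can capture on
tcpdump -D
# capture and save to file; the pcap holds raw traffic, including any
# cleartext credentials or payloads, so restrict who can read the file
tcpdump -w 0001.pcap -i eth0
# read from file (no capture privileges needed)
tcpdump -r 0001.pcap
# filter: packets from source 192.168.0.10 on port 22; filter primitives
# have to be joined with and/or, two bare primitives are a syntax error
tcpdump -i eth0 src 192.168.0.10 and port 22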
-i
: interface ("any" for all interfaces)
-c
: stop after capturing the given number of packets
-A
: print in ASCII
-XX
: print in hex and ASCII, including the link-level header
-r
: read file
-w
: write file
<protocol>
: filter by protocol (ex: tcp, arp, udp, ...)
port <port>
: filter by port number or service name (ex: 23, 22, ssh, http)
host <host>
: filter by host
dst <host>
: filter by destination
net <subnet>
: filter by subnet