tcpdump

Question 1

[CMD, tcpdump] List all available network interfaces

Answer 1

ip a s

Question 2

[CMD, tcpdump] Specify interface to listen on

Answer 2

-i {INTERFACE}

Question 3

[CMD, tcpdump] Listen on all interfaces

Answer 3

-i any

Question 4

[CMD, tcpdump] Save to a file

Answer 4

-w FILE

Question 5

[CMD, tcpdump] Read from a file

Answer 5

-r FILE

Question 6

[CMD, tcpdump] Specify number of packets to capture

Answer 6

-c {COUNT}

Question 7

[CMD, tcpdump] Avoid DNS lookup

Answer 7

-n

Question 8

[CMD, tcpdump] Avoid both DNS and port look up

Answer 8

-nn

Question 9

[CMD, tcpdump] Limit packages to a certain source based on IP or hostname

Answer 9

-src host HOSTNAME or -src host ip

Question 10

[CMD, tcpdump] Limit packages to a certain destination IP or hostname

Answer 10

-dst host HOSTNAME or -dst host ip

Question 11

Explain this command:
tcpdump -i eth0 host example.com and tcp port 443 -w https.pcap

Answer 11

Listen on interface eth0 with a host DNS example.com with TCP only filter on port 443 and write the packets captured to https.pcap

Question 12

What is the library associated with tcpdump called?

Answer 12

lipbcap

Question 13

[CMD] Count packets using protocol icmp, read from a file

Answer 13

tcpdump -r FILE icmp | wc -l

Question 14

[CMD] Read from file, which ip asked for the MAC address of a destination ip? And what protocol is used for these types of things?

Answer 14

tcpdump -nn -r traffic.pcap arp and dst host ip

ARP is used (Address resolution protocol)