- The first of these is -n, which requests that names are not resolved--resulting in the IPs themselves always being displayed.
- The second is -X, which displays both hex and ascii content within the packet.
- The final one is -S, which changes the display of sequence numbers to absolute rather than relative.
Thursday, October 25, 2007
Tcpdump is a very useful tool for those who are in the network security. tcpdump or its windows version 'windump' basicly puts the network card in promiscuous mode (all traffic are directed to cpu) and captures all traffic. There are many things that can be obtained from a tcpdump output which is exactly what i'm trying to learn at the moment. There are some basic options that need to be studied in order to get a better understanding of the output. The below explains: