How to use tcpdump to sniff different types of TCP packets?

This post walks through some specific examples that show how to use tcpdump to capture TCP packets with particular flags set.

A mnemonic for the TCP flags, in bit order from most to least significant: Unskilled Attackers Pester Real Security Folk (URG, ACK, PSH, RST, SYN, FIN).

Show URG packets
# tcpdump 'tcp[13] & 32 != 0'
Show ACK packets
# tcpdump 'tcp[13] & 16 != 0'
Show PSH packets
# tcpdump 'tcp[13] & 8 != 0'
Show RST packets
# tcpdump 'tcp[13] & 4 != 0'
Show SYN packets
# tcpdump 'tcp[13] & 2 != 0'
Show FIN packets
# tcpdump 'tcp[13] & 1 != 0'
Show all SYN/ACK packets (flags byte exactly SYN + ACK = 2 + 16)
# tcpdump 'tcp[13] = 18'

This is not the only way to capture TCP packets of a specified type with tcpdump.
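The filters above all read tcp[13], the flags byte of the TCP header, and tcpdump locates that byte relative to the start of the TCP header after skipping the Ethernet and IPv4 headers (the IPv4 header length comes from its IHL field, so IP options do not break the offset). The following added example, which is not part of the original post, reproduces that arithmetic in Python on constructed frames so you can see the difference between the bitmask tests ('tcp[13] & 2 != 0' matches any packet with SYN set, including SYN/ACK) and the exact test ('tcp[13] = 18' matches only packets whose flags byte is exactly SYN + ACK). The frame builder, the field values and the naive_flags helper are assumptions made for the demonstration; real tcpdump also accepts the symbolic form, e.g. 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0'.

```python
import struct

# Bit values of the TCP flags byte (tcp[13]); the same constants the
# tcpdump filters in this post use.
URG, ACK, PSH, RST, SYN, FIN = 32, 16, 8, 4, 2, 1
FLAG_NAMES = {URG: "URG", ACK: "ACK", PSH: "PSH", RST: "RST", SYN: "SYN", FIN: "FIN"}

ETH_LEN = 14  # Ethernet II header: dst MAC, src MAC, ethertype


def build_frame(flags, ip_options=b""):
    """Build a constructed Ethernet + IPv4 + TCP frame (no payload) carrying
    the given flags byte. Addresses, ports and checksums are placeholders;
    only the fields the offset arithmetic depends on are meaningful."""
    ihl_bytes = 20 + len(ip_options)
    assert ihl_bytes % 4 == 0, "IPv4 options must pad the header to a 4-byte multiple"
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urgptr
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)
    # IPv4 header: version/IHL, TOS, total length, id, frag, TTL, proto (6 = TCP), csum, src, dst
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        (4 << 4) | (ihl_bytes // 4), 0, ihl_bytes + len(tcp), 1, 0, 64, 6, 0,
        bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
    ) + ip_options
    eth = b"\x00" * 12 + b"\x08\x00"  # zero MACs, ethertype IPv4
    return eth + ip + tcp


def tcp_byte(frame, index):
    """Return tcp[index] the way tcpdump indexes it: the TCP header starts after
    the Ethernet header and an IPv4 header whose length is taken from IHL."""
    ver_ihl = frame[ETH_LEN]
    if ver_ihl >> 4 != 4 or frame[ETH_LEN + 9] != 6:
        raise ValueError("not an IPv4/TCP frame")
    ihl_bytes = (ver_ihl & 0x0F) * 4
    return frame[ETH_LEN + ihl_bytes + index]


def flags_of(frame):
    return tcp_byte(frame, 13)


def naive_flags(frame):
    """Hypothetical wrong approach: assume a fixed 20-byte IPv4 header. Breaks
    as soon as IP options are present, which is why tcp[13] is header-relative."""
    return frame[ETH_LEN + 20 + 13]


def matches_any(frame, mask):
    """Equivalent of the filter 'tcp[13] & mask != 0'."""
    return flags_of(frame) & mask != 0


def matches_exact(frame, value):
    """Equivalent of the filter 'tcp[13] = value'."""
    return flags_of(frame) == value


def flag_names(frame):
    """Human-readable list of the flags set, in URG..FIN bit order."""
    f = flags_of(frame)
    return [name for bit, name in FLAG_NAMES.items() if f & bit]


if __name__ == "__main__":
    samples = {
        "SYN": build_frame(SYN),
        "SYN/ACK": build_frame(SYN | ACK),
        "PSH/ACK": build_frame(PSH | ACK),
        "RST with IP options": build_frame(RST, ip_options=b"\x01\x01\x01\x01"),
    }
    for label, frame in samples.items():
        print(f"{label:20} flags={flag_names(frame)} "
              f"'tcp[13] & 2 != 0' -> {matches_any(frame, SYN)} "
              f"'tcp[13] = 18' -> {matches_exact(frame, SYN | ACK)}")
```

Run it and note that the SYN/ACK frame satisfies both the SYN bitmask filter and the exact filter, while a plain SYN satisfies only the former; the frame with IPv4 options still reports RST through flags_of, whereas naive_flags reads the wrong byte.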

Note: only the PSH, RST, SYN and FIN flags appear in the flags field of tcpdump's output. URG and ACK are displayed, but elsewhere in the line rather than in the flags field.
