
tcpdump -i en0 -s 65535 -w tcpdump.`hostname` tcp port 80 or tcp port 443 or udp port 53

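# 'and' and 'or' have equal precedence in a pcap filter and group left to right,
# so the port alternatives are parenthesised and the whole filter is quoted for the shell
tcpdump -i en0 -s 65535 -w tcpdump.`hostname` 'ip host xxx.xxx.xxx.xxx and (tcp port 80 or tcp port 443 or udp port 53)'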

tcpdump -i en0 -s 65535 -w /tmp/mytcpdump tcp portrange 20-443


It's a good idea to set -s to the size of the MTU (maximum transmission unit).

netstat -I en0

# On Linux it's found in ifconfig
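
Added example (not part of the original notes): a POSIX shell helper that reads the interface MTU and turns it into a -s value. It assumes untagged Ethernet and adds 14 bytes for the link-layer header, because the snapshot length is counted from the start of the captured frame; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: derive a tcpdump snaplen from an interface's MTU.

# Extract the MTU from ifconfig-style text on stdin. Handles both layouts
# (constructed sample lines):
#   en0: flags=8863<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500     (macOS/BSD, newer Linux)
#   UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1           (older Linux net-tools)
mtu_from_ifconfig() {
    tr 'A-Z' 'a-z' | sed -n 's/.*mtu[: ]\{1,\}\([0-9]\{1,\}\).*/\1/p' | head -n 1
}

# Read the MTU of a live interface. Linux exposes it in sysfs;
# elsewhere fall back to parsing ifconfig output.
iface_mtu() {
    if [ -r "/sys/class/net/$1/mtu" ]; then
        cat "/sys/class/net/$1/mtu"
    else
        ifconfig "$1" 2>/dev/null | mtu_from_ifconfig
    fi
}

# snaplen = MTU + link-layer header length.
# The default of 14 bytes is an untagged Ethernet header (assumption);
# pass a second argument for other link types, e.g. 18 for a VLAN-tagged frame.
snaplen_for_mtu() {
    mtu=$1
    l2=${2:-14}
    case "$mtu" in
        ''|*[!0-9]*) echo "invalid MTU: '$mtu'" >&2; return 1 ;;
    esac
    echo $((mtu + l2))
}

# Print (do not run) a capture command sized for the given interface.
capture_cmd() {
    mtu=$(iface_mtu "$1") || return 1
    snap=$(snaplen_for_mtu "$mtu") || return 1
    echo "tcpdump -i $1 -s $snap -w /tmp/mytcpdump tcp portrange 20-443"
}

# Usage: sh snaplen.sh en0
if [ -n "${1:-}" ]; then
    capture_cmd "$1"
fi
```

If no MTU can be read, snaplen_for_mtu fails rather than emitting a capture command with an empty -s value.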


Are passwords passed in the clear?

tcpdump port http or port ftp or port smtp or port imap or port pop3 -l -A | egrep -i 'pass=|pwd=|log=|login=|user=|username=|pw=|passw=|passwd=|password=|pass:|user:|username:|password:|login:|pass |user ' --color=auto --line-buffered -B20