Ping a Specific Port

Question

Ania Katzenelson

Asked: 2016-08-24 22:53:20 +0800 CST2016-08-24 22:53:20 +0800 CST 2016-08-24 22:53:20 +0800 CST

tcpdump capture new connections only

772

I am using tcpdump to capture traffic from specific IP address. Is there the possibility to capture new connections only, meaning TCP streams that start with SYN packet?

2 Answers

Voted

pstrozniak · Answer 1 · 2016-08-24T22:57:42+08:00

pstrozniak

2016-08-24T22:57:42+08:002016-08-24T22:57:42+08:00

To capture only TCP SYN packets:

# tcpdump -i <interface> "tcp[tcpflags] & (tcp-syn) != 0"

9

JamesL · Answer 2 · 2020-01-25T13:21:54+08:00

JamesL

2020-01-25T13:21:54+08:002020-01-25T13:21:54+08:00

The following will capture both TCP-SYN and SYN-ACK packets.

tcpdump -i <interface> "tcp[tcpflags] & (tcp-syn) !=0"

The following will only capture TCP-SYN packets.

tcpdump -i <interface> "tcp[tcpflags] & (tcp-syn) !=0 and tcp[tcpflags] & (tcp-ack) =0"

The reason is, SYN-ACK packets include both the SYN and ACK flags. The first filter only looked for the presence of a SYN flag.

If you want to filter on inbound only, add the -Q in option.

tcpdump -i <interface> -Q in "tcp[tcpflags] & (tcp-syn) !=0 and tcp[tcpflags] & (tcp-ack) =0"

3

tcpdump capture new connections only

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?