
tcpdump

Raw "circular" capture

Do a "circular" capture of raw data into separate files of 200 MB each. Once the sixth 200 MB file has been written, tcpdump starts overwriting the first file:

sudo tcpdump -w /tmp/capture.cap -C 200 -W 6

Capture traffic coming in from a single host while excluding ARP and UDP

sudo tcpdump -i eth0 -vvv -U -w capture.pcap src host 1.2.3.4 and not arp and not udp

Then, to see just the ports that people tried to connect to on your host:

sudo tcpdump -nn -tttt -r 2024-07-16-1741-capture.pcap not udp and not icmp
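The read filter above still prints every non-UDP, non-ICMP packet, including your own replies. The following is an added Python example, not part of the original notes: it parses a classic pcap as written by tcpdump -w (stdlib only, no scapy) and counts only inbound pure SYNs (SYN set, ACK clear) per destination port, which is what "ports people tried to connect to" really means. The host address 10.0.0.5 and the sample frames are constructed assumptions; for a real file pass open(path, "rb").read().

```python
import struct
from collections import Counter

PCAP_MAGIC_LE, PCAP_MAGIC_BE = 0xA1B2C3D4, 0xD4C3B2A1  # classic libpcap magic
LINKTYPE_ETHERNET = 1
SYN, ACK = 0x02, 0x10  # TCP flag bits

def build_pcap(frames):
    """Wrap raw Ethernet frames in a libpcap file (constructed sample data)."""
    out = [struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1721146860 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)

def tcp_frame(src, dst, sport, dport, flags):
    """Ethernet/IPv4/TCP frame with zero checksums; enough for parsing (constructed)."""
    ip_src = bytes(int(o) for o in src.split("."))
    ip_dst = bytes(int(o) for o in dst.split("."))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0, ip_src, ip_dst)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp  # dummy MACs, EtherType IPv4

def inbound_syn_ports(pcap, my_ip):
    """Count destination ports of pure SYNs (SYN set, ACK clear) sent to my_ip."""
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(struct.unpack("<I", pcap[:4])[0])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    ports, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "IIII", pcap[off:off + 16])[2]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 54 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4 (e.g. ARP) or shorter than Ethernet+IP+TCP headers
        ihl = (frame[14] & 0x0F) * 4
        dst = ".".join(str(b) for b in frame[30:34])
        if frame[23] != 6 or dst != my_ip:
            continue  # not TCP, or not addressed to our host
        tcp = frame[14 + ihl:]
        if len(tcp) < 14:
            continue  # IP options pushed the TCP header past the snapshot
        flags = tcp[13]
        if flags & SYN and not flags & ACK:
            ports[struct.unpack("!H", tcp[2:4])[0]] += 1
    return ports
```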