tcpdump Recipes

I don't have to do this very often, but sometimes I need to debug networking stuff at a fairly low level using tcpdump. Since I don't have to do it all that much, I put together this little page of recipes to call upon whenever I have a need.

1 IP Level

1.1 Debugging PPTP Connections

tcpdump -i <IF> -s 0 -S tcp port 1723 or proto 47

2 TCP Level

2.1 TCP Resets (RST Flag)

tcpdump -i <IF> -n -s 0 -S 'tcp[13] & 4 != 0'

3 Application Protocols

3.1 HTTP 500 Errors

tcpdump -i <IF> -n -s 4096 -S -X \
  'src port 80 && src host <HOST> && ip[0x3D:4] = 0x35303020'
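The fixed offset 0x3D (61) in the recipe above lands on the status code only when the IP header is 20 bytes and the TCP header is 32 bytes (20 plus a 12-byte timestamp option block), because 20 + 32 + 9 bytes of "HTTP/1.1 " = 61. The Python sketch below is an added example, not part of the original recipes: it emulates that filter and a header-length-aware alternative on constructed packets, and every address, port, and helper name in it is an assumption.

```python
import struct

STATUS_500 = 0x35303020  # ASCII "500 ", the constant used in the recipe

def build_packet(tcp_options: bytes, payload: bytes) -> bytes:
    """Constructed IPv4/TCP packet from port 80 (checksums left at zero)."""
    if len(tcp_options) % 4:
        raise ValueError("TCP options must be padded to a multiple of 4 bytes")
    data_offset = (20 + len(tcp_options)) // 4      # TCP header length in words
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1,
                      data_offset << 4, 0x18, 65535, 0, 0)
    tcp += tcp_options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    return ip + tcp

def _word_at(pkt: bytes, offset: int):
    """Big-endian 32-bit word at offset, or None if the packet is too short."""
    if offset + 4 > len(pkt):
        return None
    return struct.unpack_from("!I", pkt, offset)[0]

def fixed_offset_match(pkt: bytes) -> bool:
    """Emulates: ip[0x3D:4] = 0x35303020"""
    return _word_at(pkt, 0x3D) == STATUS_500

def header_aware_match(pkt: bytes) -> bool:
    """Emulates: tcp[((tcp[12:1] & 0xf0) >> 2) + 9 : 4] = 0x35303020"""
    if pkt[9] != 6:                                 # not TCP
        return False
    ihl = (pkt[0] & 0x0F) * 4                       # IP header length in bytes
    tcp_hlen = (pkt[ihl + 12] & 0xF0) >> 2          # TCP header length in bytes
    return _word_at(pkt, ihl + tcp_hlen + 9) == STATUS_500

TIMESTAMPS = b"\x01\x01\x08\x0a" + bytes(8)         # NOP, NOP, timestamp option
RESP_500 = b"HTTP/1.1 500 Internal Server Error\r\n\r\n"
RESP_200 = b"HTTP/1.1 200 OK\r\n\r\n"

def demo() -> dict:
    """Returns {case: (fixed_offset_match, header_aware_match)}."""
    cases = {
        "500 with timestamps": build_packet(TIMESTAMPS, RESP_500),
        "500 without options": build_packet(b"", RESP_500),
        "200 with timestamps": build_packet(TIMESTAMPS, RESP_200),
    }
    return {name: (fixed_offset_match(p), header_aware_match(p))
            for name, p in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: fixed={result[0]} header-aware={result[1]}")
```

The header-aware expression quoted in the docstring can replace `ip[0x3D:4] = 0x35303020` in the recipe when the peer does not send TCP timestamps or sends other options.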

Date: 2013-07-03T20:42-0400

Author: Taylor Venable
