tcpdump Recipes
I don't have to do this very often, but sometimes I need to debug networking stuff at a fairly low level using tcpdump. Since I don't have to do it all that much, I put together this little page of recipes to call upon whenever I have a need.
1 IP Level
1.1 Debugging PPTP Connections
tcpdump -i <IF> -s 0 -S tcp port 1723 or proto 47
2 TCP Level
2.1 TCP Resets (RST Flag)
tcpdump -i <IF> -n -s 0 -S 'tcp[13] & 4 != 0'
3 Application Protocols
3.1 HTTP 500 Errors
tcpdump -i <IF> -n -s 4096 -S -X 'src port 80 && src host <HOST> && ip[0x3D:4] = 0x35303020'
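
The 0x3D offset above is counted from the start of the IP header, so it lands on the status code only when the IP header is 20 bytes and the TCP header is 32 bytes (20 plus the 12-byte timestamp option): 20 + 32 + 9 bytes of "HTTP/1.1 " = 61. The Python sketch below is an added example, not part of the original page; it replays the fixed-offset test and a header-length-aware variant on constructed packets. The addresses, ports, sample responses and the ROBUST_FILTER expression are assumptions of this example.

```python
import struct

STATUS_500 = 0x35303020  # ASCII "500 ", the constant used in the recipe
TS_OPTION = b"\x01\x01\x08\x0a" + bytes(8)  # NOP, NOP, timestamps: 12 bytes
# Assumed header-aware form of the recipe's filter (not from the original page)
ROBUST_FILTER = "src port 80 and tcp[((tcp[12] & 0xf0) >> 2) + 9:4] = 0x35303020"

def build_packet(tcp_options=b"",
                 payload=b"HTTP/1.1 500 Internal Server Error\r\n\r\n"):
    """Constructed IPv4+TCP segment sent from port 80 (checksums left at zero)."""
    assert len(tcp_options) % 4 == 0
    doff = (20 + len(tcp_options)) // 4          # TCP header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 1, doff << 4, 0x18, 65535, 0, 0)
    tcp += tcp_options + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 7]))
    return ip + tcp

def word_at(pkt, off):
    """Big-endian 4-byte load, like ip[off:4] in a pcap filter."""
    return int.from_bytes(pkt[off:off + 4], "big")

def fixed_offset_match(pkt):
    """The recipe's test: ip[0x3D:4] = 0x35303020."""
    return word_at(pkt, 0x3D) == STATUS_500

def header_aware_match(pkt):
    """Same comparison, with the offset derived from IHL and TCP data offset."""
    ihl = (pkt[0] & 0x0F) * 4                    # IP header length in bytes
    doff = (pkt[ihl + 12] & 0xF0) >> 2           # TCP header length in bytes
    return word_at(pkt, ihl + doff + 9) == STATUS_500   # 9 = len("HTTP/1.1 ")

if __name__ == "__main__":
    cases = {
        "500, TCP timestamps (32-byte TCP header)": build_packet(TS_OPTION),
        "500, no TCP options (20-byte TCP header)": build_packet(),
        "200, TCP timestamps": build_packet(TS_OPTION, b"HTTP/1.1 200 OK\r\n\r\n"),
    }
    for name, pkt in cases.items():
        print(f"{name}: fixed={fixed_offset_match(pkt)} "
              f"header-aware={header_aware_match(pkt)}")
    print("header-aware tcpdump filter:", ROBUST_FILTER)
```

The second case is the one to watch: a 500 response sent without TCP timestamps is missed by the fixed offset but caught by the header-aware form.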