tcpdump Examples
From Wikistix
Example tcpdump invocations:
- IPv6 packets with given src/dst host embedded in PPPoE session packets
tcpdump -ni alc0 'pppoes and host 2a00:86c0:2040::1'
- IPv6 tcp syn/fin packets for www.google.com, embedded in PPPoE session packets
tcpdump -ni alc0 'pppoes and host 2404:6800:4006:808::200e and (ip6[13+40] & (tcp-syn|tcp-fin)) != 0'
- IPv6 icmp router advertisements
tcpdump -ni le0 'icmp[icmptype] = icmp-routeradvert'
- IPv6 icmp router advertisements embedded in PPPoE frames, where the PPPoE version and type aren't 0x11
tcpdump -xxepni le0 '(ether proto 0x8863 or ether proto 0x8864) and ether[14] != 0x11’
- IPv6 traffic to/from Disney Plus servers (disney.api.edge.bamgrid.com) embedded in PPPoE session packets
tcpdump -ni alc0 pppoes and net 2600:9000:20ec::/48
- IPv6 icmp echo requests
tcpdump -i le0 'icmp6 && ip6[40] == 128'
ICMPv6 types
| ICMPv6 Type ID | Type |
|---|---|
| 1 | unreachable |
| 2 | too-big |
| 3 | time-exceeded |
| 128 | echo-request |
| 129 | echo-reply |
| 133 | router-solicitation |
| 134 | router-advertisement |
| 135 | neighbor-solicitation |
| 136 | neighbor-advertisement |
