how to capture and see packet contents with tcpdump

You are able to just see the header and not packet contents because you piped the output to grep. So it is just getting the lines in which the IP address is present.

The -A option to tcpdump gives the packet contents as well.


That is the contents. You have probably used some command to filter out content.


Use tcpdump -X

For example (works on the Fedora/CentOS that I use):

    sudo tcpdump -nvvvXi br0

    13:29:20.311228 00:1c:73:86:12:f9 > 01:00:5e:00:01:81, ethertype IPv4 (0x0800), length 86: (tos 0x0, ttl 5, id 0, offset 0, flags [none], proto UDP (17), length 72)
        10.134.245.1.ptp-general > 224.0.1.129.ptp-general: Ptp MessageType: Follow_Up, SequenceId: 8208
    
            0x0000:  4500 0048 0000 0000 0511 d49c 0a86 f501  E..H............
            0x0010:  e000 0181 0140 0140 0034 0cd0 0802 002c  .....@.@.4.....,
            0x0020:  0100 0000 0000 0000 0000 0000 0000 0000  ................
            0x0030:  444c a8ff ffc7 1f6b 0236 2010 0200 0000  DL.....k.6......
            0x0040:  5f2a b430 0d5e b480                      _*.0.^..
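
The grep problem described in the first answer, as an added example that is not part of the original answers: `grep` keeps only the header line, while the awk filter keeps each matching packet together with its payload lines. The capture text is constructed (the first packet reuses bytes from the dump above) and the function names are hypothetical; on a live capture, a filter expression such as `tcpdump -nX -i br0 host 10.134.245.1` does the selection inside tcpdump instead.

```shell
#!/usr/bin/env bash
# Constructed sample in the layout of `tcpdump -nX` output: each packet is a
# timestamped header line followed by indented hex/ASCII payload lines.
sample_capture() {
cat <<'EOF'
13:29:20.311228 IP 10.134.245.1.320 > 224.0.1.129.320: UDP, length 44
	0x0000:  4500 0048 0000 0000 0511 d49c 0a86 f501  E..H............
	0x0010:  e000 0181 0140 0140 0034 0cd0 0802 002c  .....@.@.4.....,
13:29:21.000100 IP 192.0.2.7.53 > 192.0.2.9.40000: UDP, length 12
	0x0000:  4500 0028 0000 0000 4011 0000 c000 0207  E..(....@.......
EOF
}

# What the question did: only lines that contain the address as text survive,
# so the payload lines (hex and ASCII columns) are thrown away.
grep_only() {
  grep -F -- "$1"
}

# Keep whole packet records. A header line starts with HH:MM:SS.; every line
# after it belongs to that packet until the next header line.
keep_packets() {
  awk -v ip="$1" '
    /^[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\./ {
      keep = 0
      for (i = 1; i <= NF; i++) {
        f = $i
        sub(/:$/, "", f)                  # destination field ends in ":"
        # exact address, or address followed by ".port" (10.0.0.1 != 10.0.0.10)
        if (f == ip || index(f, ip ".") == 1) keep = 1
      }
    }
    keep { print }
  '
}

# Demo: the matching packet is printed with both of its payload lines.
sample_capture | keep_packets 10.134.245.1
```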
