tcpdump -i any host 172 16 20 128 tcpdump data link type PKTAP tcpdump

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
# tcpdump -i any host 172.16.20.128
tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on any, link-type PKTAP (Packet Tap), capture size 65535 bytes
21:08:18.222192 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [S], seq 3397643717, win 65535, options [mss 1460,nop,wscale 4,nop,nop,TS val 1034136535 ecr 0,sackOK,eol], length 0
21:08:18.222942 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [S.], seq 743993976, ack 3397643718, win 65535, options [mss 1240,nop,wscale 4,nop,nop,TS val 46954581 ecr 1034136535,sackOK,eol], length 0
21:08:18.222988 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 1, win 8212, options [nop,nop,TS val 1034136535 ecr 46954581], length 0
21:08:18.223454 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1, win 8212, options [nop,nop,TS val 46954581 ecr 1034136535], length 0
21:08:18.223654 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1:22, ack 1, win 8212, options [nop,nop,TS val 1034136536 ecr 46954581], length 21
21:08:18.223962 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 22, win 8210, options [nop,nop,TS val 46954582 ecr 1034136536], length 0
21:08:18.245186 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [P.], seq 1:22, ack 22, win 8210, options [nop,nop,TS val 46954602 ecr 1034136536], length 21
21:08:18.245218 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 22, win 8210, options [nop,nop,TS val 1034136557 ecr 46954602], length 0
21:08:18.245689 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], seq 22:1250, ack 22, win 8210, options [nop,nop,TS val 1034136557 ecr 46954602], length 1228
21:08:18.245705 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1250:1614, ack 22, win 8210, options [nop,nop,TS val 1034136557 ecr 46954602], length 364
21:08:18.246079 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1614, win 8111, options [nop,nop,TS val 46954602 ecr 1034136557], length 0
21:08:18.248163 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], seq 22:1250, ack 1614, win 8111, options [nop,nop,TS val 46954604 ecr 1034136557], length 1228
21:08:18.248180 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [P.], seq 1250:1486, ack 1614, win 8111, options [nop,nop,TS val 46954604 ecr 1034136557], length 236
21:08:18.248198 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 1486, win 8119, options [nop,nop,TS val 1034136559 ecr 46954604], length 0
21:08:18.248293 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1614:1638, ack 1486, win 8192, options [nop,nop,TS val 1034136559 ecr 46954604], length 24
21:08:18.248498 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1638, win 8190, options [nop,nop,TS val 46954604 ecr 1034136559], length 0
21:08:18.251210 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [P.], seq 1486:1638, ack 1638, win 8192, options [nop,nop,TS val 46954607 ecr 1034136559], length 152
21:08:18.251234 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 1638, win 8182, options [nop,nop,TS val 1034136562 ecr 46954607], length 0
21:08:18.252768 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1638:1782, ack 1638, win 8192, options [nop,nop,TS val 1034136563 ecr 46954607], length 144
21:08:18.252968 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1782, win 8183, options [nop,nop,TS val 46954608 ecr 1034136563], length 0
21:08:18.261376 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [P.], seq 1638:2358, ack 1782, win 8192, options [nop,nop,TS val 46954616 ecr 1034136563], length 720
21:08:18.261408 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 2358, win 8147, options [nop,nop,TS val 1034136571 ecr 46954616], length 0
21:08:18.263185 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1782:1798, ack 2358, win 8192, options [nop,nop,TS val 1034136572 ecr 46954616], length 16
21:08:18.263426 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1798, win 8191, options [nop,nop,TS val 46954618 ecr 1034136572], length 0
21:08:18.263445 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1798:1850, ack 2358, win 8192, options [nop,nop,TS val 1034136572 ecr 46954618], length 52
21:08:18.263683 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1850, win 8188, options [nop,nop,TS val 46954618 ecr 1034136572], length 0
21:08:18.263767 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [P.], seq 2358:2410, ack 1850, win 8192, options [nop,nop,TS val 46954618 ecr 1034136572], length 52
21:08:18.263779 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 2410, win 8188, options [nop,nop,TS val 1034136572 ecr 46954618], length 0
21:08:18.263934 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [P.], seq 1850:1918, ack 2410, win 8192, options [nop,nop,TS val 1034136572 ecr 46954618], length 68
21:08:18.264097 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1918, win 8187, options [nop,nop,TS val 46954618 ecr 1034136572], length 0
21:08:27.265970 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [F.], seq 1918, ack 2410, win 8192, options [nop,nop,TS val 1034145517 ecr 46954618], length 0
21:08:27.266625 IP 172.16.20.128.ssh > 172.16.20.1.52172: Flags [.], ack 1919, win 8192, options [nop,nop,TS val 46963613 ecr 1034145517], length 0
21:08:27.266661 IP 172.16.20.1.52172 > 172.16.20.128.ssh: Flags [.], ack 2410, win 8192, options [nop,nop,TS val 1034145517 ecr 46963613], length 0