tcpdump

Read pcap file

$(tcpdump -r $file_name.pcap)

Capture in ASCII

$(tcpdump -A)

Filter DHCP packets (ports 67 and 68) and write (-w) them to a file

$(tcpdump -i $interface_name -s 0 port 67 or port 68 -w "$file_name.pcap")

Filter by protocol: arp here, or any of the other protocol keywords (fddi, tr, wlan, ip, ip6, rarp, decnet, tcp and udp)

$(tcpdump -i $interface_name arp)

Filter by destination address

$(tcpdump -i $interface_name dst $ip_addr)

Filter RADIUS traffic

# Check the port numbers against /etc/services (1812 authentication, 1813 accounting, 3799 dynamic authorization/CoA)
$(tcpdump -i $interface_name port 1812 or port 1813 or port 3799)

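Get RADIUS attributes (-s 0 captures the full packet; with a shorter snap length the attributes are truncated in the captured packet; add -v to have tcpdump print the decoded attributes)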

$(tcpdump -i $interface_name -s 0 port 1812 or port 1813 or port 3799)

Get VLAN ID (-e prints the link-level header, which includes the 802.1Q VLAN tag)

$(tcpdump -n -i $interface_name host $host_ip -e)

Display Captured Packets in HEX and ASCII

$(tcpdump -XX -i $interface)

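## Ping

Ping continuously (-t means "until stopped" only on Windows ping; on Linux, ping already runs until interrupted and -t sets the TTL and expects a value, so drop -t when using -I there)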

$(ping -t $ip -I $interface)
