The Linux tcpdump tool is a command-line utility that can capture, filter, and analyze network traffic on a Linux system. It can be used to troubleshoot connectivity issues, monitor network performance, or inspect packets for security purposes. To use tcpdump, you need root privileges or sudo access. You also need to specify the network interface that you want to capture traffic from, or use the "any" pseudo-device to capture traffic from all interfaces.
You can use various options and filters to customize the output of tcpdump, such as:
• -D: List the available network interfaces
• -i: Specify the network interface to capture from
• -n: Do not resolve hostnames or port names
• -v: Increase the verbosity level of the output
• -c: Limit the number of packets to capture
• -w: Write the captured packets to a file
• -r: Read the captured packets from a file
• -s: Set the snaplen (the maximum length of a packet to capture; the default packet length is 1024 bytes, use "-s 0" to remove the packet length limit)
• -X: Print the packet data in ASCII and hexadecimal format
Some examples of using tcpdump are:
• tcpdump -i eth0: Capture all packets on the eth0 interface
• tcpdump -i any port 80: Capture all packets on any interface with port 80 (HTTP)
• tcpdump -i eth0 -w capture.pcap: Capture all packets on the eth0 interface and write them to a file named capture.pcap
• tcpdump -i bond1 -s 2000 -w trace_file.cap port 53: Capture all DNS (port 53) packets on the bond1 interface, limit the captured length of each packet to 2000 bytes, and write them to a file named trace_file.cap
• tcpdump -r capture.pcap: Read and print the packets from the file capture.pcap
• tcpdump -i eth0 icmp: Capture only ICMP packets on the eth0 interface
• tcpdump -i eth0 src 192.168.1.1: Capture only packets with source IP address 192.168.1.1 on the eth0 interface
• tcpdump -i eth0 dst 192.168.1.1: Capture only packets with destination IP address 192.168.1.1 on the eth0 interface
• tcpdump -i eth0 host 192.168.1.1: Capture only packets with source or destination IP address 192.168.1.1 on the eth0 interface
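As an added example (not part of the original article or of tcpdump itself), the following Python reads the classic pcap format that "tcpdump -w" writes and "tcpdump -r" reads back, and reports which packets were cut short by the snaplen set with "-s". The sample file bytes are constructed inline rather than taken from a real capture.

```python
import struct
from typing import NamedTuple

# Magic values of the classic pcap format that tcpdump -w writes.
MAGIC_USEC = 0xA1B2C3D4  # timestamps in microseconds
MAGIC_NSEC = 0xA1B23C4D  # timestamps in nanoseconds

class Record(NamedTuple):
    ts: float       # packet timestamp, seconds since the epoch
    caplen: int     # bytes actually stored (never more than snaplen)
    origlen: int    # length of the packet on the wire
    data: bytes

def read_pcap(buf: bytes):
    """Parse a pcap file image; returns (snaplen, linktype, records)."""
    if len(buf) < 24:
        raise ValueError("truncated pcap global header")
    end = None
    for cand in ("<", ">"):  # byte order is whatever the capturing host used
        if struct.unpack(cand + "I", buf[:4])[0] in (MAGIC_USEC, MAGIC_NSEC):
            end = cand
    if end is None:
        raise ValueError("not a pcap file (bad magic)")
    magic, _maj, _min, _tz, _sig, snaplen, linktype = struct.unpack(end + "IHHiIII", buf[:24])
    nanos = magic == MAGIC_NSEC
    records, off = [], 24
    while off < len(buf):
        if off + 16 > len(buf):
            raise ValueError(f"truncated record header at offset {off}")
        sec, frac, caplen, origlen = struct.unpack(end + "IIII", buf[off:off + 16])
        off += 16
        if caplen > snaplen or off + caplen > len(buf):
            raise ValueError(f"bad caplen {caplen} in record at offset {off - 16}")
        records.append(Record(sec + frac / (1e9 if nanos else 1e6),
                              caplen, origlen, buf[off:off + caplen]))
        off += caplen
    return snaplen, linktype, records

def truncated(records):
    """Indices of packets that the snaplen (-s) cut short (caplen < origlen)."""
    return [i for i, r in enumerate(records) if r.caplen < r.origlen]

# Constructed sample (not a real capture): little-endian, snaplen 64, Ethernet
# (linktype 1), one 60-byte packet stored whole and one 1500-byte packet cut to 64.
def sample_pcap() -> bytes:
    gh = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 64, 1)
    p1 = struct.pack("<IIII", 1700000000, 1000, 60, 60) + b"\x00" * 60
    p2 = struct.pack("<IIII", 1700000001, 2000, 64, 1500) + b"\x11" * 64
    return gh + p1 + p2
```

Running read_pcap over a capture taken with a small "-s" value and checking truncated() tells you whether the stored packets are complete enough to analyze, which is the reason the article recommends "-s 0" when full payloads are needed.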