Tcpdump is a command-line utility that lets you capture and analyze the network traffic going through your system. It is often used to help troubleshoot network issues.
```bash
# Find out if tcpdump is installed
which tcpdump        # prints /usr/sbin/tcpdump

# Install tcpdump
sudo yum install -y tcpdump

# Find which interfaces are available to you
tcpdump -D

# Capture on eth0. Use Ctrl-C to end capture.
tcpdump -i eth0

# Stop capturing after 10 packets
tcpdump -i eth0 -c10

# Filter by port (-nn: do not resolve host names or port names)
tcpdump -i any -c10 -nn port 80

# Filter by ip address
tcpdump -i any -c10 -nn host 192.168.1.23

# Filter by source or destination ip
tcpdump -i any -c10 -nn src 192.168.1.23
tcpdump -i any -c10 -nn dst 192.168.1.23

# Filter by source ip and port
tcpdump -i any -c5 -nn src 192.168.1.23 and port 80

# Save output to a file (binary format)
tcpdump -i any -c10 -nn -w http.pcap port 80

# Read the saved file back and print it as text
tcpdump -nn -r http.pcap
```
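To show what the binary file written by `-w` contains and what `-r ... port 80` does with it, here is an added example (not part of the original page) that parses a classic pcap image and keeps only IPv4/TCP packets on a given port. It handles Ethernet captures and the 16-byte Linux cooked header (linktype 113) used by `-i any` captures, not the newer SLL2 layout; the sample capture, the peer address 10.0.0.5 and source port 40000 are constructed for illustration.

```python
import struct

# Link-layer header length per pcap linktype: 1 = Ethernet, 113 = Linux cooked (SLL).
# In both layouts the EtherType is the last two bytes of that header.
L2_LEN = {1: 14, 113: 16}

def read_pcap(data):
    """Yield (timestamp, linktype, frame) from a classic pcap file image."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    linktype = struct.unpack_from(order + "I", data, 20)[0]
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _orig = struct.unpack_from(order + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        if len(frame) < incl:
            break  # last record cut short, e.g. capture killed mid-write
        off += 16 + incl
        yield sec + usec / 1e6, linktype, frame

def tcp_flow(linktype, frame):
    """Return (src, sport, dst, dport) for an IPv4/TCP frame, else None."""
    l2 = L2_LEN.get(linktype)
    if l2 is None or len(frame) < l2 + 20 or frame[l2 - 2:l2] != b"\x08\x00":
        return None
    ip = frame[l2:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 6 or len(ip) < ihl + 4:
        return None
    sport, dport = struct.unpack_from("!HH", ip, ihl)
    return ".".join(map(str, ip[12:16])), sport, ".".join(map(str, ip[16:20])), dport

def port_filter(data, port):
    """Rough counterpart of `tcpdump -nn -r file port N`, limited to TCP over IPv4."""
    flows = (tcp_flow(lt, fr) for _, lt, fr in read_pcap(data))
    return [f for f in flows if f and port in (f[1], f[3])]

def sample_pcap():
    """Constructed capture: two Ethernet frames from 192.168.1.23 to ports 80 and 22."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, dport in enumerate((80, 22)):
        ip = bytes([0x45, 0, 0, 40, 0, 0, 0, 0, 64, 6, 0, 0, 192, 168, 1, 23, 10, 0, 0, 5])
        frame = bytes(12) + b"\x08\x00" + ip + struct.pack("!HH", 40000, dport) + bytes(16)
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for flow in port_filter(sample_pcap(), 80):
        print("%s.%d > %s.%d" % flow)
```

To run it against a real capture, pass `open("http.pcap", "rb").read()` to `port_filter` instead of `sample_pcap()`.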
Here’s a good intro article about tcpdump.