Tcpdump

November 27, 2019

Tcpdump is a command-line utility that lets you capture and analyze the network traffic passing through your system. It is often used to troubleshoot network issues.

# Find out if tcpdump is installed
$ which tcpdump
/usr/sbin/tcpdump
 
# Install tcpdump
sudo yum install -y tcpdump
 
# Find which interface is available to you
tcpdump -D
 
# Capture on eth0. Use Ctrl-C to end capture.
tcpdump -i eth0
 
# Stop capturing after 10 packets
tcpdump -i eth0 -c10
 
# Filter by port
tcpdump -i any -c10 -nn port 80
 
# Filter by ip address
tcpdump -i any -c10 -nn host 192.168.1.23
 
# Filter by source or destination ip
tcpdump -i any -c10 -nn src 192.168.1.23
tcpdump -i any -c10 -nn dst 192.168.1.23
 
# Filter by source ip and port
tcpdump -i any -c5 -nn src 192.168.1.23 and port 80
 
# Save output to a file (binary format)
tcpdump -i any -c10 -nn -w http.pcap port 80
 
# Read the saved capture file and print it as text
tcpdump -nn -r http.pcap
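
As an added example (not from the original post), this Python sketch reads the binary file that `-w http.pcap` writes and lists the IPv4/TCP endpoints that `tcpdump -nn -r` would print. It goes a little beyond the commands above by handling the link-layer header, which is Ethernet for `-i eth0` but Linux cooked capture (SLL or SLL2) for `-i any`; the function names and the sample packet are constructed for illustration.

```python
import struct

# linktype -> (link header length, offset of the 2-byte protocol field).
# 1 = Ethernet (-i eth0); 113 = LINUX_SLL and 276 = LINUX_SLL2 (-i any on Linux).
LINK = {1: (14, 12), 113: (16, 14), 276: (20, 0)}
# File magic -> byte order (microsecond and nanosecond timestamp variants).
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",
         b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">"}

def tcp_flows(data):
    """Return [(src_ip, src_port, dst_ip, dst_port)] for IPv4/TCP packets."""
    order = MAGIC.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(order + "I", data[20:24])[0]
    if linktype not in LINK:
        raise ValueError(f"unsupported linktype {linktype}")
    hdr_len, proto_off = LINK[linktype]
    flows, pos = [], 24
    while pos + 16 <= len(data):
        # Per-packet record header: ts_sec, ts_frac, caplen, original length.
        caplen = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        pkt = data[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(pkt) < caplen:
            break  # file truncated mid-record
        ip = pkt[hdr_len:]
        if len(ip) < 20 or pkt[proto_off:proto_off + 2] != b"\x08\x00":
            continue  # too short, or not IPv4
        ihl = (ip[0] & 0x0F) * 4
        if ip[9] != 6 or len(ip) < ihl + 4:
            continue  # not TCP, or ports cut off by the snapshot length
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        flows.append((".".join(map(str, ip[12:16])), sport,
                      ".".join(map(str, ip[16:20])), dport))
    return flows

def sample_pcap(linktype):
    """Constructed one-packet capture: 192.168.1.23:40000 -> 10.0.0.5:80."""
    hdr_len, proto_off = LINK[linktype]
    link = bytearray(hdr_len)
    link[proto_off:proto_off + 2] = b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 168, 1, 23]), bytes([10, 0, 0, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    pkt = bytes(link) + ip + tcp
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, linktype)
            + struct.pack("<IIII", 0, 0, len(pkt), len(pkt)) + pkt)
```

To run it on a real capture, pass the file contents: `tcp_flows(open("http.pcap", "rb").read())`.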


Here’s a good intro article about tcpdump.

Filed Under: Linux Tagged With: analysis, firewall, network, tcpdump
