tcpdump Command in Linux
Overview
tcpdump is a command-line packet capture tool, built on libpcap, used by Linux administrators, network engineers and security analysts to capture and inspect network traffic in real time. It reads packets from a network interface (or from a saved capture file), optionally filters them with a BPF expression, and prints a one-line summary of each packet. It is an essential utility for troubleshooting network problems, monitoring network activity, investigating suspicious connections and understanding how network protocols work.
Linux tcpdump Command Syntax
The syntax for the tcpdump command is as follows:

```sh
tcpdump [options] [expression]
```

Where:
- options: flags that modify the behaviour of tcpdump, such as the interface to listen on, name resolution, output formatting and verbosity levels.
- expression: an optional BPF (Berkeley Packet Filter) expression that selects which packets are captured, based on criteria such as source or destination IP address, port, protocol and more. If it is omitted, every packet on the interface is captured.
tcpdump Command Options:
- -i interface: Specify the network interface to capture packets from (use `any` to capture on all interfaces at once).
- -n: Do not resolve IP addresses to hostnames; -nn additionally leaves port numbers as numbers instead of service names. This is faster and avoids sending reverse DNS lookups from the capture host for every address seen.
- -c count: Capture the specified number of packets and then exit.
- -w file: Save captured packets to a file in pcap format instead of displaying them on the screen; the file can be read back later with `tcpdump -r file` or opened in Wireshark.
Example Usages
- Capture all packets on the eth0 interface:

  ```sh
  tcpdump -i eth0
  ```

  Explanation: This command captures every packet seen on the eth0 interface and prints a one-line summary of each to the screen until you stop it with Ctrl-C. Capturing requires root privileges (or the CAP_NET_RAW capability).

- Capture only ICMP packets:

  ```sh
  tcpdump icmp
  ```

  Explanation: The trailing `icmp` is a filter expression, so only ICMP packets (such as ping requests and replies) on the default interface are captured and displayed; everything else is discarded by the kernel's filter before it reaches tcpdump. Without -i, tcpdump uses the first configured, non-loopback interface; add -i to choose another.
Tips
- Use the -D option to list the interfaces tcpdump can capture on; the number printed next to each name can be passed to -i instead of the name.
- Use the -X option to print each packet's contents in both hexadecimal and ASCII, which is how you inspect payloads (-XX also includes the link-layer header).
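The options above can be combined into a reusable capture helper. The script below is an added example, not code from the original article: it builds a tcpdump command suited to incident response (no name resolution, full packet length, a rotating set of pcap files, privilege drop) and excludes the analyst's own SSH session from the capture. The interface, output path, the unprivileged user `nobody` and the assumption that the analyst is connected over port 22 are all assumptions of this script.

```sh
#!/bin/sh
# Added example (not from the original article): a small helper that turns the
# options above into a capture suitable for incident response. The interface,
# output path, unprivileged user ("nobody") and the assumption that the
# analyst's own session is SSH on port 22 are all assumptions of this script.

# capture_cmd IFACE OUTFILE [FILTER]
# Prints the tcpdump command that run_capture would execute, one argument per
# line, so it can be inspected without root or a live interface.
capture_cmd() {
    iface=$1
    outfile=$2
    filter=${3:-}
    # Always exclude the analyst's SSH session; parenthesise the caller's
    # filter so that an 'or' inside it cannot swallow the 'and not port 22'
    # (BPF 'and' and 'or' have equal precedence and group left to right).
    if [ -n "$filter" ]; then
        bpf="($filter) and not port 22"
    else
        bpf="not port 22"
    fi
    # -nn    no host or port name resolution: faster, and no reverse DNS
    #        queries leave the capture host to announce what is being examined
    # -s 0   full snaplen; modern tcpdump already defaults to 262144 bytes,
    #        older builds truncated packets, so this is kept for safety
    # -U     write each packet to the file as soon as it is captured
    # -C/-W  ring buffer: start a new file every 100 MB and keep at most 10
    # -Z     drop from root to 'nobody' once the interface is open
    set -- tcpdump -i "$iface" -nn -s 0 -U -C 100 -W 10 -Z nobody \
        -w "$outfile" "$bpf"
    printf '%s\n' "$@"
}

# run_capture IFACE OUTFILE [FILTER]
# Rebuilds the argument list from capture_cmd and executes it. Requires root
# (or CAP_NET_RAW) and, because of -Z, an output directory writable by 'nobody'.
run_capture() {
    command -v tcpdump >/dev/null 2>&1 || {
        echo "tcpdump is not installed" >&2
        return 1
    }
    capture_cmd "$@" | {
        set --
        while IFS= read -r arg; do
            set -- "$@" "$arg"
        done
        exec "$@"
    }
}

# Example: run_capture eth0 /var/tmp/ir.pcap 'host 192.168.1.1 or host 192.168.1.2'
```

Note that with -C the rotated files are opened after privileges have been dropped, so the directory given to -w must be writable by the -Z user or tcpdump will fail with a permission error at the first rotation.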
Advanced Use Cases of tcpdump Command in Linux
- Capture packets between two specific IP addresses:

  ```sh
  tcpdump host 192.168.1.1 and host 192.168.1.2
  ```

  Explanation: `host` matches a packet whose source or destination is the given address, so joining two `host` terms with `and` captures traffic in both directions between 192.168.1.1 and 192.168.1.2. Use `src host` or `dst host` to restrict the match to one direction.

- Capture packets with a specific port number:

  ```sh
  tcpdump port 80
  ```

  Explanation: `port 80` matches TCP or UDP packets whose source or destination port is 80. `tcp port 80`, `src port 80` and `dst port 80` narrow this further. When combining host and port terms, remember that `and` and `or` have equal precedence and group left to right: `host 192.168.1.1 and port 80 or port 443` is read as `(host 192.168.1.1 and port 80) or port 443` and therefore captures port 443 traffic from every host. Write `host 192.168.1.1 and \(port 80 or port 443\)` (parentheses escaped for the shell, or the whole expression in single quotes) for the intended result.

- Capture packets of a specific protocol:

  ```sh
  tcpdump icmp
  ```

  Explanation: A bare protocol name such as `icmp`, `tcp`, `udp` or `arp` captures only packets of that protocol. Here only ICMP packets are captured.
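The one-line summaries that the commands above print are easy to post-process, which is useful when a capture is run with -nn and saved or piped for later triage. The script below is an added example, not part of the original article: it parses constructed sample lines in the format tcpdump prints for TCP and ICMP traffic with -nn (a format assumption of this example) and reports any source that sent SYN-only segments to many distinct ports, the signature of a port scan. It only handles IPv4 `IP` lines; `IP6` lines are ignored.

```sh
#!/bin/sh
# Added example: triage the one-line summaries tcpdump prints (run with -nn,
# so addresses and ports appear as numbers) to spot a host probing many ports.
# The lines below are constructed sample output, not a real capture.

SAMPLE_LINES=$(cat <<'EOF'
12:00:00.000100 IP 192.168.1.20.51000 > 192.168.1.10.80: Flags [S], seq 1000, win 64240, length 0
12:00:00.000200 IP 192.168.1.10.80 > 192.168.1.20.51000: Flags [S.], seq 2000, ack 1001, win 65160, length 0
12:00:00.000300 IP 192.168.1.20.51000 > 192.168.1.10.80: Flags [.], ack 1, win 502, length 0
12:00:00.500000 IP 192.168.1.1 > 192.168.1.10: ICMP echo request, id 7, seq 1, length 64
12:00:01.000100 IP 192.168.1.50.40001 > 192.168.1.10.22: Flags [S], seq 1, win 1024, length 0
12:00:01.000200 IP 192.168.1.50.40002 > 192.168.1.10.80: Flags [S], seq 1, win 1024, length 0
12:00:01.000300 IP 192.168.1.50.40003 > 192.168.1.10.443: Flags [S], seq 1, win 1024, length 0
12:00:01.000400 IP 192.168.1.50.40004 > 192.168.1.10.3389: Flags [S], seq 1, win 1024, length 0
12:00:01.000500 IP 192.168.1.50.40005 > 192.168.1.10.8080: Flags [S], seq 1, win 1024, length 0
12:00:01.000600 IP 192.168.1.50.40006 > 192.168.1.10.8080: Flags [S], seq 2, win 1024, length 0
EOF
)

# syn_scan_candidates THRESHOLD
# Reads tcpdump -nn output on stdin and prints "source distinct_ports" for
# every source that sent SYN-only segments (Flags [S]) to at least THRESHOLD
# distinct destination ports. A SYN/ACK is printed as [S.] and is ignored,
# so only connection attempts initiated by the source are counted. Only IPv4
# lines ("IP") are handled; ICMP and IP6 lines fall through the match.
syn_scan_candidates() {
    awk -v thr="${1:-5}" '
        $2 == "IP" && $6 == "Flags" && $7 == "[S]," {
            src = $3; sub(/\.[0-9]+$/, "", src)   # strip the source port
            dst = $5; sub(/:$/, "", dst)          # strip the trailing colon
            sub(/^.*\./, "", dst)                 # keep only the destination port
            key = src " " dst
            if (!(key in seen)) { seen[key] = 1; ports[src]++ }
        }
        END { for (s in ports) if (ports[s] >= thr) print s, ports[s] }
    ' | sort
}

# Usage: printf '%s\n' "$SAMPLE_LINES" | syn_scan_candidates 3
# or, on a live box: tcpdump -i eth0 -nn -l 'tcp[tcpflags] == tcp-syn' | syn_scan_candidates 20
```

The live usage line relies on two details worth knowing: -l makes tcpdump line-buffer its output so it can be piped, and the filter `tcp[tcpflags] == tcp-syn` lets the kernel select SYN-only segments before they reach the script, so awk only ever sees candidate lines.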
Conclusion
- tcpdump is a powerful tool for capturing and analyzing network traffic.
- The command supports various options and BPF filter expressions to target specific traffic.
- It is an essential utility for network troubleshooting, monitoring and security investigation.