tcpdump

Basic tcpdump Commands

Capture a limited number of packets

Capture 5 packets (-c 5) on interface ens5 without resolving addresses or ports to names (-n):

sudo tcpdump -i ens5 -c 5 -n

Capture Packets by Host

Capture packets to or from a specific host (e.g., example.com) and write them to the file http.pcap:

sudo tcpdump host example.com -w http.pcap

Capture Packets by Port

Capture all traffic to or from a specific port (e.g., port 53, usually DNS traffic) on interface ens5, without name resolution:

sudo tcpdump -i ens5 port 53 -n

Filtering by Protocol and Other Criteria

| Command | Explanation |
| --- | --- |
| tcpdump host IP or tcpdump host HOSTNAME | Filters packets by a specific IP address or hostname |
| tcpdump src host IP | Filters packets from a specific source IP address |
| tcpdump dst host IP | Filters packets to a specific destination IP address |
| tcpdump port PORT_NUMBER | Filters packets by a specific port number |
| tcpdump src port PORT_NUMBER | Filters packets from a specific source port |
| tcpdump dst port PORT_NUMBER | Filters packets to a specific destination port |
| tcpdump PROTOCOL | Filters packets by protocol (e.g., ip, ip6, icmp) |
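The primitives in the table above can be combined with and/or/not into a single filter expression, and the capture flags from the basic commands (-i, -c, -n, -w) wrap around it. The script below is an added example, not code from the original page: bpf_filter composes an expression from a direction, host, port and protocol (validating the port), and capture runs a bounded capture to a file. The interface name ens5, the packet count and the output path in the demo are assumptions.

```shell
#!/bin/sh
# Added example, not code from the original page: build a tcpdump filter
# expression from the primitives in the tables above and run a bounded,
# name-resolution-free capture to a file. Interface, packet count and output
# path in the demo are assumptions.

# bpf_filter DIR HOST PORT PROTO
#   DIR   : "" (either direction), "src" or "dst"; applied to host and port
#   HOST  : IP address or hostname, or "" to skip
#   PORT  : numeric port 0-65535, or "" to skip
#   PROTO : e.g. ip, ip6, icmp, tcp, udp, or "" to skip
# Prints the expression; an empty result means "match everything".
bpf_filter() {
    dir=$1; host=$2; port=$3; proto=$4; expr=""
    case $dir in
        ''|src|dst) ;;
        *) echo "bpf_filter: direction must be src, dst or empty" >&2; return 1 ;;
    esac
    q=${dir:+$dir }                      # "src " / "dst " / ""
    [ -n "$host" ] && expr="${q}host $host"
    if [ -n "$port" ]; then
        case $port in
            *[!0-9]*) echo "bpf_filter: port must be numeric" >&2; return 1 ;;
        esac
        [ "$port" -le 65535 ] || { echo "bpf_filter: port out of range" >&2; return 1; }
        expr="${expr:+$expr and }${q}port $port"
    fi
    [ -n "$proto" ] && expr="${expr:+$expr and }$proto"
    printf '%s\n' "$expr"
}

# capture IFACE COUNT OUTFILE [FILTER]
# Runs tcpdump with -n (no name lookups, so the capture itself generates no
# DNS traffic) and -c (stop after COUNT packets), writing to OUTFILE.
capture() {
    iface=$1; count=$2; out=$3; shift 3
    sudo tcpdump -i "$iface" -c "$count" -n -w "$out" "$@"
}

# Demo (assumed interface ens5): DNS traffic to or from one host.
# Set RUN_CAPTURE=1 to actually start tcpdump; otherwise only show the command.
filter=$(bpf_filter '' example.com 53 udp)
echo "filter: $filter"
if [ "${RUN_CAPTURE:-0}" = 1 ]; then
    capture ens5 20 dns.pcap "$filter"
else
    echo "would run: sudo tcpdump -i ens5 -c 20 -n -w dns.pcap $filter"
fi
```

When the capture is run over an SSH session, append "and not port 22" to the expression so the session's own traffic does not flood the capture; the -n flag matters for the same reason, since name lookups would otherwise add DNS packets to a DNS capture.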

## Additional tcpdump Options

| Command | Explanation |
| --- | --- |
| tcpdump -q | Quick and quiet: show brief packet information |
| tcpdump -e | Include Ethernet (MAC) addresses |
| tcpdump -A | Print packet contents in ASCII encoding |
| tcpdump -xx | Display packet contents in hexadecimal format, including the link-layer header |
| tcpdump -X | Show packet contents in both hexadecimal and ASCII formats |
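Without -e, -A or -X, tcpdump prints one line per packet in the form "TIME IP SRC.PORT > DST.PORT: ...", which is easy to post-process. The script below is an added example, not code from the original page: it reads such lines (captured with -n, so addresses and ports are numeric) and reports destination-port counts plus any DNS queries not sent to the expected resolver. The sample lines are constructed for this example, and the resolver address 10.0.0.53 is an assumption.

```shell
#!/bin/sh
# Added example, not code from the original page: summarise tcpdump's default
# one-line output (run with -n and without -e, so field 3 is the source and
# field 5 the destination as "addr.port:"). The sample below is constructed
# for this example; the resolver address 10.0.0.53 is an assumption.
SAMPLE='14:02:11.100001 IP 10.0.0.5.51234 > 10.0.0.53.53: 12345+ A? example.com. (29)
14:02:11.100452 IP 10.0.0.53.53 > 10.0.0.5.51234: 12345 1/0/0 A 198.51.100.10 (45)
14:02:12.200010 IP 10.0.0.5.51235 > 10.0.0.53.53: 12346+ AAAA? example.com. (29)
14:02:12.300010 IP 10.0.0.7.44120 > 203.0.113.9.443: Flags [S], seq 1, win 64240, length 0
14:02:12.400010 IP 10.0.0.7.44121 > 203.0.113.9.443: Flags [S], seq 2, win 64240, length 0
14:02:13.000000 IP 10.0.0.5.51236 > 10.0.0.53.53: 12347+ A? example.org. (29)
14:02:13.500000 IP 10.0.0.9.40000 > 203.0.113.55.53: 777+ A? update.example. (34)'

# dst_port_counts: read tcpdump lines on stdin, print "PORT COUNT" per
# destination port, most frequent first. The port is the last dotted
# component of field 5, which also works for IP6 lines (addr6.port).
dst_port_counts() {
    awk '$2 == "IP" || $2 == "IP6" {
            d = $5; sub(/:$/, "", d)
            n = split(d, a, "."); cnt[a[n]]++
         }
         END { for (p in cnt) print p, cnt[p] }' |
    sort -k2,2nr -k1,1n
}

# unexpected_dns RESOLVER: print "SRC_HOST DST_HOST" for every DNS query
# (destination port 53) that is not sent to RESOLVER, i.e. a quick check
# for hosts bypassing the expected resolver.
unexpected_dns() {
    awk -v r="$1" '$2 == "IP" || $2 == "IP6" {
            d = $5; sub(/:$/, "", d)
            n = split(d, a, "."); port = a[n]
            dhost = substr(d, 1, length(d) - length(port) - 1)
            s = $3; m = split(s, b, ".")
            shost = substr(s, 1, length(s) - length(b[m]) - 1)
            if (port == "53" && dhost != r) print shost, dhost
         }' |
    sort -u
}

# Demo on the constructed sample. On a live host, replace the printf with
#   sudo tcpdump -i ens5 -n -l -c 200
# (-l line-buffers the output so it can be piped while the capture runs).
printf '%s\n' "$SAMPLE" | dst_port_counts
printf '%s\n' "$SAMPLE" | unexpected_dns 10.0.0.53
```

On the constructed sample, dst_port_counts reports port 53 four times, 443 twice and 51234 once, and unexpected_dns flags 10.0.0.9 querying 203.0.113.55. The same field positions hold for -q output; with -e the MAC addresses shift the fields, and the awk field numbers would need adjusting.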
