tcpdump

Basic `tcpdump` Commands

Capture a limited number of packets

Capture 5 packets from the interface ens5 without DNS resolution:

sudo tcpdump -i ens5 -c 5 -n

Capture Packets by Host

Capture packets from or to a specific host (e.g., example.com). Write captured packets to a file named http.pcap:

sudo tcpdump host example.com -w http.pcap

Capture Packets by Port

Capture packets from a specific port (e.g., port 53). Capture all traffic on port 53 (usually DNS traffic) on interface ens5:

sudo tcpdump -i ens5 port 53 -n

Filtering by Protocol and Other Criteria

Command

Explanation

tcpdump host IP or tcpdump host HOSTNAME

Filters packets by a specific IP address or hostname

tcpdump src host IP

Filters packets from a specific source IP address

tcpdump dst host IP

Filters packets to a specific destination IP address

tcpdump port PORT_NUMBER

Filters packets by a specific port number

tcpdump src port PORT_NUMBER

Filters packets from a specific source port

tcpdump dst port PORT_NUMBER

Filters packets to a specific destination port

tcpdump PROTOCOL

Filters packets by protocol (e.g., ip, ip6, icmp)

## Additional tcpdump Options

Command

Explanation

tcpdump -q

Quick and quiet: Show brief packet information

tcpdump -e

Include Ethernet (MAC) addresses

tcpdump -A

Print packet contents in ASCII encoding

tcpdump -xx

Display packet contents in hexadecimal format

tcpdump -X

Show packet contents in both hexadecimal and ASCII formats

Previousnmap Nextmetasploit

Last updated 1 year ago

hashtagBasic tcpdump Commands

hashtagCapture a limited number of packets

hashtagCapture Packets by Host

hashtagCapture Packets by Port

hashtagFiltering by Protocol and Other Criteria

Basic `tcpdump` Commands

Capture a limited number of packets

Capture Packets by Host

Capture Packets by Port

Filtering by Protocol and Other Criteria