tcpdump
Capture All traffic
# -i picks the interface to listen on. No filter is given, so every packet
# seen on that interface is printed. Live capture normally requires root
# (on Linux, the CAP_NET_RAW capability).
tcpdump -i eth0
tcpdump -i wlan0
Save Captured Traffic to a File
# -w writes the raw packets to capture.pcap instead of printing them.
# The file holds packet contents as captured (possibly credentials or session
# data), so keep it on restricted storage with tight file permissions.
tcpdump -i eth0 -w capture.pcap
Display Captured Traffic
# -r reads packets back from a saved capture file rather than a live interface.
tcpdump -r capture.pcap
Filter
# No -i is given in these examples, so tcpdump chooses a default interface;
# add -i <interface> to be explicit about where you are listening.

# Filter by source IP: only packets sent from 192.168.0.1
tcpdump src 192.168.0.1
# Filter by destination IP: only packets addressed to 192.168.0.1
tcpdump dst 192.168.0.1
# Filter by port: matches port 80 as source or destination, TCP or UDP alike
tcpdump port 80
# Filter by protocol: ICMP only
tcpdump icmp
# Protocol and port: TCP traffic to or from port 443
tcpdump tcp port 443
# Source and destination: both conditions must hold (from .1 and to .2)
tcpdump src 192.168.0.1 and dst 192.168.0.2
Display Packet Contents in ASCII or Hex
# Display in ASCII: -A prints each packet (without its link-level header) as ASCII
tcpdump -A
# Display in hexadecimal: -X prints the packet data in hex alongside ASCII
tcpdump -X
Capture Specific Number of Packets
# -c 100 stops the capture after 100 packets have been received.
tcpdump -c 100
IPv6 Traffic and Timestamps
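# Capture and display IPv6 traffic.
# tcpdump has no -6 option; IPv6 is selected with the ip6 filter primitive.
tcpdump ip6
# Print a full date-and-time timestamp on each line
# (-tttt: the date, then hours, minutes, seconds and fractions of a second).
tcpdump -tttt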
Monitor SSH connections
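# -l: line-buffer stdout so packets appear as they arrive, even when piped
# -e: also print the link-level (Ethernet) header of each packet
# SSH payloads are encrypted, so this shows connection metadata (who talks to
# whom, and when), not session contents.
# Options are placed before the filter expression so the command does not
# depend on the option parser reordering arguments.
tcpdump -i eth0 -l -e 'tcp port 22'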
HTTP Request and Response
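# -s 0: use the default (full-size) snapshot length so payloads are not truncated
# -A:   print packet contents as ASCII
# -n:   do not resolve addresses to names
# 'tcp port 80' matches both directions; 'tcp dst port 80' would show only the
# client-to-server requests and miss the responses.
# Only cleartext HTTP is readable this way; HTTPS payloads are encrypted.
tcpdump -i eth0 -s 0 -A -n 'tcp port 80'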
By IP Range and Protocol
# Traffic to or from 192.168.0.0/24 that is either SSH (TCP port 22) or ICMP.
# The single quotes keep the shell from interpreting the parentheses.
tcpdump -i eth0 'net 192.168.0.0/24 and (tcp port 22 or icmp)'
DNS Traffic
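# -nn:  leave addresses and port numbers numeric (no name lookups)
# -vvv: most verbose decoding of each packet
# The filter covers DNS over UDP only; DNS carried over TCP port 53 is not
# matched by it.
# Options are placed before the filter expression so the command does not
# depend on the option parser reordering arguments.
tcpdump -i eth0 -nnvvv 'udp port 53'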
FTP Traffic
# Port 21 is the FTP control channel (commands and login); file transfers use
# separate data connections that this filter does not match.
# -s 0 uses the default full-size snapshot length so packets are not truncated.
# FTP control traffic is unencrypted, so logins are visible to anyone on the
# path, which is a reason to prefer SFTP or FTPS.
tcpdump -i eth0 -s 0 'tcp port 21'