
tcpdump

Capture All Traffic

tcpdump -i eth0
tcpdump -i wlan0

Save Captured Traffic to a File

tcpdump -i eth0 -w capture.pcap

# Stop the capture automatically after 6 minutes
timeout 6m tcpdump -i eth0 -w capture.pcap

Read Captured Traffic from a File (.pcap)

tcpdump -r capture.pcap

Filter

# Filter by Source IP
tcpdump src 192.168.0.1

# Filter by Destination IP
tcpdump dst 192.168.0.1

# Filter by Port
tcpdump port 80

# Filter by Protocol
tcpdump icmp

# Protocol and Port
tcpdump tcp port 443

# Source and Destination
tcpdump src 192.168.0.1 and dst 192.168.0.2
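
An added example, not part of the original page: a minimal Python reader for the classic pcap file that `tcpdump -w` writes, applying the same matching as the `src`, `dst` and `tcp port 443` filters above. The sample capture is constructed in `build_sample_pcap`, the function names are illustrative, and only Ethernet/IPv4 carrying TCP or UDP is handled.

```python
# Added example: function names are illustrative, the sample capture is constructed.
import ipaddress
import struct

def build_sample_pcap():
    """Constructed sample: little-endian classic pcap holding two Ethernet/IPv4 frames."""
    def frame(src, dst, proto, sport, dport):
        l4 = struct.pack("!HH", sport, dport) + bytes(16 if proto == 6 else 4)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
        return bytes(12) + b"\x08\x00" + ip + l4      # zeroed MACs, EtherType IPv4
    frames = [frame("192.168.0.1", "192.168.0.2", 6, 50000, 443),
              frame("192.168.0.2", "192.168.0.1", 17, 53, 40000)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data):
    """Yield (src, dst, proto, sport, dport) for each IPv4 TCP/UDP packet in a classic pcap."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack(order + "I", data[pos + 8:pos + 12])[0]
        pkt = data[pos + 16:pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue                                  # truncated or not IPv4
        l4_start = 14 + (pkt[14] & 0x0F) * 4          # Ethernet + IP header length
        l4 = pkt[l4_start:l4_start + 4]
        if pkt[23] not in (6, 17) or len(l4) < 4:
            continue                                  # not TCP/UDP, or ports cut off
        sport, dport = struct.unpack("!HH", l4)
        yield (str(ipaddress.ip_address(pkt[26:30])), str(ipaddress.ip_address(pkt[30:34])),
               "tcp" if pkt[23] == 6 else "udp", sport, dport)

def match(pkts, src=None, dst=None, proto=None, port=None):
    """Same semantics as 'src X and dst Y and PROTO port N'; omitted terms match anything."""
    return [p for p in pkts
            if src in (None, p[0]) and dst in (None, p[1])
            and proto in (None, p[2]) and port in (None, p[3], p[4])]

if __name__ == "__main__":
    for p in match(read_pcap(build_sample_pcap()), proto="tcp", port=443):
        print(p)
```

As with tcpdump's `port` primitive, `port=` matches either the source or the destination port.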

Display Traffic in ASCII

# Display in ASCII
tcpdump -A

# Display in Hexadecimal
tcpdump -X

Capture a Specific Number of Packets

tcpdump -c 100

Display

# Capture and Display IPv6 Traffic
# (tcpdump has no -6 option; IPv6 is selected with the ip6 filter primitive)
tcpdump ip6

# Capture and Display Traffic with a Full Date and Time Timestamp on Each Line
tcpdump -tttt

SSH Connections

# -l: line-buffered output, so packets can be viewed in real time
# -e: include the link-level (Ethernet) header on each line
tcpdump -i eth0 'tcp port 22' -l -e

HTTP Request and Response

# 'tcp port 80' matches both directions; 'tcp dst port 80' would show requests only
tcpdump -i eth0 -s 0 -A -n 'tcp port 80'

By IP Range and Protocol

tcpdump -i eth0 'net 192.168.0.0/24 and (tcp port 22 or icmp)'

DNS Traffic

tcpdump -i eth0 'udp port 53' -nnvvv

FTP Traffic

# Port 21 is the FTP control channel; data connections use other ports
tcpdump -i eth0 -s 0 'tcp port 21'