tcpdump: Installation and Complete Usage [Updated 2024]

tcpdump is a Command Line Interface (CLI) tool for capturing and analyzing network traffic. It prints the contents of network packets as they pass a network interface. It is the usual substitute for Wireshark when you do not want, or cannot use (for example on a headless server), a GUI-based tool. It can read packets live from a network interface card or from a previously saved .pcap file, and because tcpdump and Wireshark share the same capture file format and the same capture-filter (BPF) syntax, a capture taken with tcpdump can later be opened in Wireshark for deeper analysis.

This post lists the commands for installing tcpdump and walks through its most common uses.

Usage of tcpdump

1. Install tcpdump on Ubuntu and Debian (the ‘#’ prompt in the examples below denotes a root shell)

#apt-get install tcpdump

2. See all options supported by tcpdump (‘-h’ prints a short usage summary; ‘man tcpdump’ and ‘man pcap-filter’ document the options and the filter syntax in full)

#tcpdump -h

3. Capture packets from an Ethernet interface (capturing requires root privileges or the CAP_NET_RAW and CAP_NET_ADMIN capabilities; interface names vary between systems, e.g. eth0, enp0s3 or ens33, so check item 9 if eth0 does not exist)

#tcpdump -i eth0

4. Capture a fixed number of packets (here 5) and then exit

#tcpdump -c 5 -i eth0

5. Print each packet in hex and ASCII (‘-X’ prints the packet data; ‘-XX’ also includes the link-layer header)

#tcpdump -XX

6. Capture packets, write them to a file, and read the captured traffic back later

#tcpdump -w file.pcap -c 2

file.pcap can be opened with any network protocol analyzer that reads pcap files (Wireshark, tshark) or read back with tcpdump itself using the command below. Note that ‘-w’ writes raw packets rather than text, so combine it with a capture filter to keep the file small and avoid recording traffic you do not need.

#tcpdump -r file.pcap

7. Capture packets by filtering on the destination IP address (‘dst’ matches the destination address; similarly, ‘src’ matches the source address)

#tcpdump dst <IPAddress>

8. Combine filters with “and” or ‘&&’, “or” or ‘||’, and “not” or ‘!’ (put the expression in single quotes when it contains ‘&&’, ‘||’ or ‘!’, so that the shell does not interpret them)

#tcpdump dst 192.168.0.100 and icmp

Note: the ‘icmp’ qualifier matches ICMP packets; ‘tcp’, ‘udp’ and ‘arp’ work the same way.

9. Show a list of interfaces available for capture

#tcpdump -D

10. Timestamp options: ‘-t’ suppresses the timestamp entirely, ‘-ttt’ prints the time elapsed since the previous packet, and ‘-tttt’ prints a human-readable date and time on each line

#tcpdump -tttt -i eth0

11. Filter traffic to or from a single IP address (‘host’ matches the address as either source or destination)

#tcpdump host <IP>

12. Capture packets to or from a whole network with the ‘net’ option (CIDR notation). Combine it with ‘src’ or ‘dst’, e.g. ‘src net 192.168.0.0/24’, to match only one direction

#tcpdump net 192.168.0.0/24

13. Filter traffic by packet size: ‘greater N’ matches packets of at least N bytes and ‘less N’ matches packets of at most N bytes (shorthand for ‘len >= N’ and ‘len <= N’)

#tcpdump greater 512

14. Match a specific source IP, destination IP and ICMP in one expression by combining items 7, 8 and 11 with ‘and’, i.e. ‘src <SourceIP> and dst <DestinationIP> and icmp’

15. Filter the printed output with ‘grep’ (less efficient than a capture filter such as ‘icmp’, which discards non-matching packets in the kernel before they reach tcpdump; add ‘-l’ so that tcpdump line-buffers its output when writing to a pipe, otherwise grep may show nothing until the buffer fills)

#tcpdump -l | grep -e 'ICMP'

16. Miscellaneous

-s: snaplength, the number of bytes captured from each packet; ‘-s 0’ captures whole packets (current versions default to 262144 bytes, older ones truncated at 68 or 96 bytes, so set it explicitly when a script has to run on old hosts).
-S: print absolute TCP sequence numbers instead of the relative ones tcpdump shows by default.
-e: print the link-level (Ethernet) header, including source and destination MAC addresses, on each line.
-q: quiet output; print less protocol information so that lines are shorter.
-E: decrypt IPsec ESP packets given the SPI, algorithm and key (‘-E "spi@ipaddr algo:secret"’); use with care, since a key passed on the command line is visible in the process list and the shell history.
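The items above describe what ‘-w’, ‘-r’, ‘-XX’, ‘-tttt’ and the dst/src/host/net, icmp, greater/less and and/or/not expressions do, but running tcpdump needs root and a live interface. The following Python script is an added example, not code from the original post or from the tcpdump project: it writes a classic pcap file the way ‘-w’ does, reads it back the way ‘-r’ does, and evaluates the same filter primitives against the decoded frames. The three frames (two ICMP echo requests and one TCP SYN), their MAC addresses and their IP addresses are constructed samples, not captured traffic.

```python
# Added example, not the post's own code: a tiny pcap writer/reader with tcpdump-style filter
# primitives (-w, -r, -XX, -tttt, dst/src/host/net, icmp, greater/less, and/or/not), offline.
import io
import struct
from datetime import datetime, timezone
PCAP_MAGIC = 0xA1B2C3D4  # classic pcap, microsecond timestamps, written little-endian
ETH_HDR = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4

def ip_bytes(ip): return bytes(int(o) for o in ip.split("."))

def ip_checksum(hdr):
    """RFC 1071 one's-complement sum over a 20-byte IPv4 header (returns 0 when valid)."""
    s = sum(struct.unpack("!10H", hdr))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return (~s) & 0xFFFF

def build_ipv4(src_ip, dst_ip, proto_num, payload):
    """Ethernet + IPv4 frame with a valid IP header checksum (L4 checksums left 0)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234, 0x4000,
                      64, proto_num, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return ETH_HDR + hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload

def sample_capture():
    """Constructed frames: two ICMP echo requests (98 bytes) and one TCP SYN (54 bytes)."""
    echo = struct.pack("!BBHHH", 8, 0, 0, 0x1234, 1) + b"A" * 56
    syn = struct.pack("!HHIIBBHHH", 40000, 22, 1000, 0, 5 << 4, 0x02, 65535, 0, 0)
    return [  # (seconds, microseconds, frame)
        (1700000000, 100, build_ipv4("192.168.0.10", "192.168.0.100", 1, echo)),
        (1700000000, 200, build_ipv4("10.0.0.5", "192.168.0.100", 1, echo)),
        (1700000000, 300, build_ipv4("192.168.0.10", "192.168.0.100", 6, syn)),
    ]

def write_pcap(fileobj, packets):
    """What 'tcpdump -w file.pcap' writes: 24-byte global header, then one record per frame."""
    fileobj.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, 1))  # 1 = Ethernet
    for sec, usec, frame in packets:
        fileobj.write(struct.pack("<IIII", sec, usec, len(frame), len(frame)) + frame)

def decode(sec, usec, frame):
    """The fields a capture filter tests: addresses, protocol and frame length."""
    p = dict(sec=sec, usec=usec, len=len(frame), raw=frame, src=None, dst=None, proto=None)
    if len(frame) >= 34 and struct.unpack("!H", frame[12:14])[0] == 0x0800:
        p["proto"] = {1: "icmp", 6: "tcp", 17: "udp"}.get(frame[23], str(frame[23]))
        p["src"] = ".".join(str(b) for b in frame[26:30])
        p["dst"] = ".".join(str(b) for b in frame[30:34])
    return p

def read_pcap(data):
    """What 'tcpdump -r file.pcap' does: walk the records and decode each frame."""
    if struct.unpack("<I", data[:4])[0] != PCAP_MAGIC:
        raise ValueError("not a little-endian microsecond pcap file")
    off, packets = 24, []
    while off + 16 <= len(data):
        sec, usec, incl, _orig_len = struct.unpack("<IIII", data[off:off + 16])
        packets.append(decode(sec, usec, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return packets

# Filter primitives mirroring the expressions used in this post.
def host(ip):    return lambda p: ip in (p["src"], p["dst"])
def src(ip):     return lambda p: p["src"] == ip
def dst(ip):     return lambda p: p["dst"] == ip
def proto(name): return lambda p: p["proto"] == name
def greater(n):  return lambda p: p["len"] >= n  # 'greater N' is 'len >= N'
def less(n):     return lambda p: p["len"] <= n  # 'less N' is 'len <= N'
def and_(*fs):   return lambda p: all(f(p) for f in fs)
def or_(*fs):    return lambda p: any(f(p) for f in fs)
def not_(f):     return lambda p: not f(p)
def net(cidr):  # 'net 192.168.0.0/24': matches when either address is inside the prefix
    base, bits = cidr.split("/")
    mask = (0xFFFFFFFF << (32 - int(bits))) & 0xFFFFFFFF
    want = int.from_bytes(ip_bytes(base), "big") & mask
    in_net = lambda ip: ip is not None and int.from_bytes(ip_bytes(ip), "big") & mask == want
    return lambda p: in_net(p["src"]) or in_net(p["dst"])

def summary(p):
    """One line in the style of 'tcpdump -tttt': date, time, addresses, protocol, length."""
    ts = datetime.fromtimestamp(p["sec"], timezone.utc).strftime("%Y-%m-%d %H:%M:%S")
    return f"{ts}.{p['usec']:06d} IP {p['src']} > {p['dst']}: {p['proto']}, length {p['len']}"

def hexdump(frame):
    """Hex plus ASCII view in the style of 'tcpdump -XX' (link-layer header included)."""
    def line(i):
        chunk = frame[i:i + 16]
        hexs = " ".join(chunk[j:j + 2].hex() for j in range(0, len(chunk), 2))
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        return f"0x{i:04x}:  {hexs:<39} {asc}"
    return "\n".join(line(i) for i in range(0, len(frame), 16))

def capture_and_filter(expr):
    """'tcpdump -w' then 'tcpdump -r <expr>' over the sample frames, via an in-memory file."""
    buf = io.BytesIO()
    write_pcap(buf, sample_capture())
    return [p for p in read_pcap(buf.getvalue()) if expr(p)]

if __name__ == "__main__":  # equivalent of: tcpdump -tttt -r file.pcap 'dst 192.168.0.100 and icmp'
    for p in capture_and_filter(and_(dst("192.168.0.100"), proto("icmp"))):
        print(summary(p))
```

Run it with ‘python3 pcap_filters.py’ (any file name works). The bytes produced by write_pcap are a valid classic pcap file, so if you save them to disk you can open the result with ‘tcpdump -r’ or Wireshark and compare the output with what summary() and hexdump() print; tcpdump -v will report bad TCP and ICMP checksums, because only the IP header checksum is computed here. The important difference from the real tool is where the filter runs: tcpdump compiles the expression to BPF and the kernel discards non-matching packets before they are copied to user space, whereas this script evaluates the same predicates after the fact, which is fine for a saved file but is exactly why a capture filter beats ‘grep’ on a busy interface.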


Disclaimer: This tutorial is for educational purpose only. Individual is solely responsible for any illegal act.
