tcpdump
tcpdump is a packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

Installation:
# yum install tcpdump

Display Available Interfaces:
# tcpdump -D

Capture Packets from eth0:
# tcpdump -i eth0
The -i option restricts the capture to the specified interface.

Capture only TCP Packets:
# tcpdump -i eth0 tcp

Capture Only N Packets:
# tcpdump -c 3 -i eth0
The -c option stops the capture after the specified number of packets.

Capture Packets on a Specific Port (matches source or destination port):
# tcpdump -i eth0 port 22

Capture Packets from a Source IP:
# tcpdump -i eth0 src 192.168.40.1

Capture Packets to a Destination IP:
# tcpdump -i eth0 dst 192.168.40.2

Display Captured Packets in ASCII Format:
# tcpdump -A -i eth0

Display Captured Packets in HEX and ASCII:
# tcpdump -XX -i eth0

Capture and Save Packets in a File:
# tcpdump -w ConfigNotes.pcap -i eth0

Read Captured Packets File:
# tcpdump -r ConfigNotes.pcap
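Added example (not part of the original notes): a small Python reader for the libpcap file that `tcpdump -w ConfigNotes.pcap` writes, applying the same filter primitives used above (tcp, port 22, src, dst) to a constructed three-packet capture built inline. It assumes the classic pcap format (not pcapng) with Ethernet/IPv4 frames, which is what a capture on eth0 produces.

```python
import struct

def ipv4_frame(src, dst, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame with a minimal TCP (6) or UDP (17) header."""
    eth = b"\x00" * 12 + b"\x08\x00"  # zeroed MACs, EtherType 0x0800 = IPv4
    l4 = struct.pack("!HH", sport, dport) + b"\x00" * (16 if proto == 6 else 4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + l4

def build_pcap(frames):
    """Constructed libpcap file in the layout `tcpdump -w` uses (LINKTYPE_ETHERNET = 1)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):  # per-record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out

def parse_pcap(data):
    """Parse a pcap file into per-packet dicts: src, dst, proto, sport, dport."""
    magic, = struct.unpack_from("<I", data, 0)
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # writer's byte order
    if endian is None:
        raise ValueError("not a libpcap file (pcapng is not handled here)")
    if struct.unpack_from(endian + "I", data, 20)[0] != 1:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled")
    pkts, off = [], 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig = struct.unpack_from(endian + "IIII", data, off)
        frame = data[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if struct.unpack_from("!H", frame, 12)[0] != 0x0800:
            continue  # not IPv4 (ARP, IPv6, ...): skipped in this reader
        ip = frame[14:]
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        sport, dport = struct.unpack_from("!HH", ip, ihl) if proto in (6, 17) else (None, None)
        pkts.append({"src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
                     "proto": {6: "tcp", 17: "udp"}.get(proto, proto), "sport": sport, "dport": dport})
    return pkts

def match(pkt, proto=None, port=None, src=None, dst=None):
    """Same semantics as the tcpdump primitives above: tcp, port N (either side), src A, dst B."""
    return ((proto is None or pkt["proto"] == proto)
            and (port is None or port in (pkt["sport"], pkt["dport"]))
            and (src is None or pkt["src"] == src)
            and (dst is None or pkt["dst"] == dst))

# Constructed capture: an SSH connection from .1 to .2, a DNS query, and the SSH reply.
SAMPLE_PCAP = build_pcap([ipv4_frame("192.168.40.1", "192.168.40.2", 6, 51000, 22),
                          ipv4_frame("192.168.40.1", "8.8.8.8", 17, 40000, 53),
                          ipv4_frame("192.168.40.2", "192.168.40.1", 6, 22, 51000)])
```

Passing a real file read with `open("ConfigNotes.pcap", "rb").read()` to `parse_pcap` gives the same dicts, which is a quick way to check that a saved capture contains what the filter was meant to keep.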