tcpdump




tcpdump is a packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

Installation:
# yum install tcpdump

Display Available Interfaces:
# tcpdump -D

Capture Packets from eth0:
# tcpdump -i eth0
The -i option onley capture from specific interface

Capture only TCP Packets:
# tcpdump -i eth0 tcp

Capture Only N Number of Packets:
# tcpdump -c 3 -i eth0
-c option capture specified number of packets

Capture Packet from Specific Port:
# tcpdump -i eth0 port 22

Capture Packets from source IP:
# tcpdump -i eth0 src 192.168.40.1

Capture Packets from destination IP:
# tcpdump -i eth0 dst 192.168.40.2

Display Captured Packetsin ASCII format:
# tcpdump -A -i eth0

Display Captured Packets in HEX and ASCII:
# tcpdump -XX -i eth0

Capture and Save Packets in a File:
# tcpdump -w ConfigNotes.pcap -i eth0

Read Captured Packets File:
# tcpdump -r ConfigNotes.pcap


Published by

Ferdy Mañago

Portland, Oregon