Visit complete Cyber Security roadmap

← Back to Topics List

tcpdump

Tcpdump is a powerful command-line packet analyzer tool that allows you to monitor and intercept network traffic on your system. This utility is beneficial for troubleshooting network connectivity problems and analyzing network protocols. Tcpdump can capture and display the packet headers on a particular network interface or a specific port.

Key Features

  • Capture packets in real-time
  • Display captured packets in a human-readable format
  • Write packets to a file and read saved packet files
  • Filter packets based on specific conditions such as IP addresses, protocol, or port

Basic Usage

To start using Tcpdump, open your terminal/command line and enter the following command:

tcpdump -i any

This command will capture packets on all network interfaces. The output will display source and destination IP addresses, port numbers, and packet length.

Common Tcpdump Commands

Here are some essential tcpdump commands for different tasks:

  • Monitor a specific interface: To monitor a specific network interface, replace <INTERFACE> with the name of the interface you want to monitor:

    tcpdump -i <INTERFACE>
  • Capture specific number of packets: To capture a specific number of packets, use the -c option followed by the number of packets you want to capture:

    tcpdump -i any -c 10
  • Save captured packets to a file: Tcpdump can save the captured packets to a file for further analysis. To save the packets in a file, use the -w option followed by the file name:

    tcpdump -i any -w capture.pcap
  • Filter captured packets: You can filter the captured packets by various parameters such as IP addresses, protocol, or port numbers. Some examples of the filter are:

    • Capture packets from/to a specific IP address:

      tcpdump -i any host 192.168.1.1
    • Capture packets related to a specific port:

      tcpdump -i any port 80
    • Capture packets by protocol (e.g., icmp, tcp, or udp):

      tcpdump -i any icmp

You can learn more about tcpdump filters and advanced options from its official documentation or by typing man tcpdump in your terminal. Tcpdump is an invaluable tool for any network administrator and will help you get to the root of any network issues.

Community

roadmap.sh is the 6th most starred project on GitHub and is visited by hundreds of thousands of developers every month.

Roadmaps Best Practices Guides Videos Store YouTube

roadmap.sh by Kamran Ahmed

Community created roadmaps, articles, resources and journeys to help you choose your path and grow in your career.

© roadmap.sh · FAQs · Terms · Privacy

ThewNewStack

The leading DevOps resource for Kubernetes, cloud-native computing, and the latest in at-scale development, deployment, and management.