tcpdump is a powerful network debugging tool that you can use to intercept and display packets on a network interface. An important feature of tcpdump is the filter expression, which lets you display only the packets you want to see.
This example uses Ubuntu® 18.04, but the installation steps are similar for other Linux® distributions. Use the following command to install tcpdump on a server running the Ubuntu operating system:
sudo apt-get install tcpdump
The general form of a tcpdump command is:
sudo tcpdump [options] [filter expression]
By default, tcpdump captures packets on eth0. To specify a different interface, use the -i command-line flag. The following command captures all packets on eth1:
sudo tcpdump -i eth1
Use the following command to listen to all UDP connections:
sudo tcpdump udp
Use the following command to capture packets for a specific port:
sudo tcpdump port 80
The preceding command returns all packets that have port 80 as their source or destination port.
Suppose you want to be more specific and capture only packets with destination port 80. If you have a web server on your cloud, you can use the following command to see its incoming packets:
sudo tcpdump dst port 80
You can also capture packets for a specific host. The following command captures only packets coming from IP address 18.104.22.168:
sudo tcpdump src host 18.104.22.168
tcpdump accepts logical operators such as and and or, so you can combine several conditions in one filter expression. For example, the following command captures all Secure Shell (SSH) packets going from an SSH server to a client with IP address 22.214.171.124:
sudo tcpdump "src port 22" and "dst host 22.214.171.124"
You can conveniently save raw packets to a file by using the -w flag:
tcpdump host 126.96.36.199 -w /home/users/demo/demo.dump
To read the saved file, use the following command:
tcpdump -r /home/users/demo/demo.dump
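The following script is an added example, not part of the original article, that ties the filter syntax and the -w/-r workflow together. It builds a filter expression from individual primitives joined with and, prints the capture command that writes matching packets to a file, and prints the command that replays the file with a second filter. The function names (build_filter, capture_cmd, read_cmd), the file path and the client addresses are constructed for the demo; the -nn and -s 0 flags are standard tcpdump options that the article does not mention: -nn suppresses host and port name lookups so the capturing host does not generate DNS queries of its own, and -s 0 captures whole packets instead of a truncated snapshot.

```shell
#!/bin/sh
# Added example (not from the original article): compose tcpdump filter
# expressions and the capture/read command lines described in the text.
# Function names, file paths and addresses are constructed for the demo.

# build_filter PRIMITIVE...  -> joins the non-empty primitives with "and"
build_filter() {
    _filter=""
    for _p in "$@"; do
        [ -n "$_p" ] || continue
        if [ -z "$_filter" ]; then
            _filter="$_p"
        else
            _filter="$_filter and $_p"
        fi
    done
    printf '%s' "$_filter"
}

# capture_cmd IFACE OUTFILE [FILTER] -> prints the command that writes raw
# packets to OUTFILE. -nn: no host/port name lookups (no DNS traffic from
# the capture host, unambiguous output); -s 0: keep full packets.
capture_cmd() {
    _iface=$1; _out=$2; _f=$3
    if [ -n "$_f" ]; then
        printf 'sudo tcpdump -i %s -nn -s 0 -w %s %s' "$_iface" "$_out" "$_f"
    else
        printf 'sudo tcpdump -i %s -nn -s 0 -w %s' "$_iface" "$_out"
    fi
}

# read_cmd DUMPFILE [FILTER] -> prints the command that replays a saved
# capture. Filter expressions also apply to saved files, so one broad
# capture can be narrowed afterwards without capturing again.
read_cmd() {
    if [ -n "$2" ]; then
        printf 'tcpdump -nn -r %s %s' "$1" "$2"
    else
        printf 'tcpdump -nn -r %s' "$1"
    fi
}

# Demo: incoming web traffic from one client (constructed address) written
# to a file, then the article's SSH example replayed from that file.
web_filter=$(build_filter "dst port 80" "src host 18.104.22.168")
echo "$(capture_cmd eth1 /home/users/demo/demo.dump "$web_filter")"
echo "$(read_cmd /home/users/demo/demo.dump "$(build_filter 'src port 22' 'dst host 22.214.171.124')")"

# With --run the capture is actually started (root or CAP_NET_RAW needed);
# -c 100 stops it after 100 matching packets. Otherwise only the command
# lines are printed.
if [ "${1:-}" = "--run" ]; then
    eval "$(capture_cmd eth1 /home/users/demo/demo.dump "$web_filter") -c 100"
fi
```

Run the script without arguments to see the two command lines it composes; pass --run to start the bounded capture on eth1. Reading a saved file with -r does not require root, which is why read_cmd omits sudo.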
System administrators commonly use tcpdump, a powerful packet sniffer, to solve network problems and investigate traffic. You can combine it with Boolean filter expressions to capture only the packets that you want to examine.