Capture packets with tcpdump

Last updated on:  2020-10-12

Authored by:  Rose Contreras


tcpdump is a powerful network debugging tool that you can use to intercept and display packets on a network interface. An important feature of tcpdump is the filter that enables you to display only the packets you want to see.

Install tcpdump

This example uses Ubuntu® 18.04, but the installation steps are similar for other Linux® distributions. Use the following command to install tcpdump on a server running the Ubuntu operating system:

sudo apt-get install tcpdump

Use tcpdump

sudo tcpdump [options] [filter expression]

By default, tcpdump captures packets on eth0. To specify a different interface, use the -i command line flag. The following command captures all packets on the eth1 interface:

sudo tcpdump -i eth1

Use the following command to capture all UDP packets:

sudo tcpdump udp

Use the following command to capture packets for a specific port:

sudo tcpdump port 80

The preceding command returns all packets that have port 80 as their destination or source port.

Suppose you want to be more specific and capture only packets with destination port 80. If you have a web server on your cloud, you can use the following command to see incoming packets:

sudo tcpdump dst port 80

You can also capture packets for a specific host. The following command catches packets coming only from IP address 1.2.3.4:

sudo tcpdump src host 1.2.3.4

tcpdump filter expressions can combine conditions with logical operators such as "and" and "or". For example, the following command catches all the Secure Shell (SSH) packets going from an SSH server to a client with IP address 1.2.3.4:

sudo tcpdump "src port 22" and "dst host 1.2.3.4"

You can conveniently save raw packets to a file by using the -w option:

sudo tcpdump -w /home/users/demo/demo.dump host 1.2.3.4

To read the saved file, use the following command:

tcpdump -r /home/users/demo/demo.dump
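
The filters and the -w option shown above can be combined in a small wrapper that validates its inputs before they reach tcpdump. This shell sketch is an added example, not part of the original article; the function names are hypothetical, and -n (no name resolution) and -c (stop after a packet count) are standard tcpdump options that the article does not cover.

```shell
#!/bin/sh
# Added example, not from the original article. Function names are hypothetical.

# valid_ipv4 ADDR: succeed only for a dotted quad with each octet in 0-255.
valid_ipv4() (
  case $1 in ''|*[!0-9.]*|*.) exit 1 ;; esac
  IFS=.
  set -- $1                      # split the address on dots
  [ $# -eq 4 ] || exit 1
  for octet in "$@"; do
    [ -n "$octet" ] && [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || exit 1
  done
)

# valid_port PORT: succeed only for a decimal integer in 1-65535.
valid_port() {
  case $1 in ''|0*|*[!0-9]*) return 1 ;; esac
  [ ${#1} -le 5 ] && [ "$1" -le 65535 ]
}

# build_filter HOST_DIR HOST PORT_DIR PORT
# Prints a filter such as "src host 1.2.3.4 and dst port 80".
# Pass "-" as HOST or PORT to leave that term out.
build_filter() (
  filter=
  for dir in "$1" "$3"; do
    case $dir in src|dst) ;; *) echo "direction must be src or dst" >&2; exit 2 ;; esac
  done
  if [ "$2" != - ]; then
    valid_ipv4 "$2" || { echo "invalid IPv4 address: $2" >&2; exit 2; }
    filter="$1 host $2"
  fi
  if [ "$4" != - ]; then
    valid_port "$4" || { echo "invalid port: $4" >&2; exit 2; }
    filter="${filter:+$filter and }$3 port $4"
  fi
  [ -n "$filter" ] || { echo "nothing to filter on" >&2; exit 2; }
  printf '%s\n' "$filter"
)

# capture IFACE OUTFILE COUNT FILTER
# -n skips name lookups; -c stops after COUNT packets so the file stays bounded.
# Usage: capture eth1 /home/users/demo/demo.dump 100 "$(build_filter src 1.2.3.4 dst 80)"
capture() (
  umask 077    # capture files contain packet payloads; create them owner-only
  sudo tcpdump -n -i "$1" -c "$3" -w "$2" "$4"
)
```
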

Summary

System administrators commonly use tcpdump, a powerful packet sniffer tool, to solve network problems and investigate traffic. You can use it with Boolean expressions to capture the packets that you want to examine.


©2020 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
