tcpdump Command in Linux with Examples

tcpdump is a packet sniffing and packet analysis tool that system administrators use to troubleshoot connectivity issues in Linux. It captures, filters, and analyzes network traffic, such as TCP/IP packets, passing through your system. It is also frequently used as a security tool. It can save the captured packets to a pcap file, which can then be opened in Wireshark or read back with tcpdump itself.

Installing tcpdump tool in Linux

Many operating systems ship with tcpdump pre-installed. If it is missing, install it with the following commands.

For Red Hat-based Linux distributions

yum install tcpdump

For Ubuntu/Debian OS

apt install tcpdump

Working with tcpdump command

1. To capture packets on the current network interface

sudo tcpdump

This captures packets on the current network interface, the one through which the system is connected to the internet.

2. To capture packets from a specific network interface

sudo tcpdump -i wlo1

This command captures packets from the wlo1 network interface.

3. To capture a specific number of packets

sudo tcpdump -c 4 -i wlo1

This command will capture only 4 packets from the wlo1 interface.

4. To print captured packets in ASCII format

sudo tcpdump -A -i wlo1

This command prints each packet captured on wlo1 in ASCII (without its link-level header), so the payload of cleartext protocols is readable on the terminal.

5. To display all available interfaces

sudo tcpdump -D

This command will display all the interfaces that are available in the system.

6. To display packets in HEX and ASCII values

sudo tcpdump -XX -i wlo1

This command prints the packets captured on the wlo1 interface in both hex and ASCII, including the link-level header.

7. To save captured packets into a file

sudo tcpdump -w captured_packets.pcap -i wlo1

This command writes all captured packets to a file named captured_packets.pcap instead of printing them. The file holds raw packet contents, so store and share it as sensitive data.

8. To read captured packets from a file

sudo tcpdump -r captured_packets.pcap

This command will now read the captured packets from the captured_packets.pcap file.

9. To capture packets with IP addresses

sudo tcpdump -n -i wlo1

The -n option tells tcpdump not to resolve addresses to hostnames, so this command shows the captured packets with numeric IP addresses.

10. To capture only TCP packets

sudo tcpdump -i wlo1 tcp

This command will now capture only TCP packets from wlo1.
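
The file written in step 7 and read in step 8 uses the classic pcap layout: a 24-byte global header followed by a 16-byte record header in front of each packet. The Python code below is an added example, not part of the original article; it parses that layout and lists the IPv4 TCP packets with numeric addresses, similar to what steps 9 and 10 select. The sample capture, its addresses and the function names are constructed for illustration.

```python
import socket
import struct
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # classic pcap, usec timestamps

def read_pcap(data):
    """Yield (ts_sec, orig_len, frame) for each record of a classic Ethernet pcap."""
    order = MAGIC.get(data[:4])
    if order is None or len(data) < 24:
        raise ValueError("not a classic pcap file")
    snaplen, linktype = struct.unpack(order + "II", data[16:24])
    if linktype != 1:  # 1 = LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    pos = 24
    while pos + 16 <= len(data):
        ts_sec, _usec, incl_len, orig_len = struct.unpack(order + "IIII", data[pos:pos + 16])
        pos += 16
        if incl_len > snaplen or pos + incl_len > len(data):
            raise ValueError("truncated or corrupt record")
        yield ts_sec, orig_len, data[pos:pos + incl_len]
        pos += incl_len

def tcp_flows(data):
    """List 'src.port > dst.port' for each IPv4 TCP frame, in tcpdump -n style."""
    flows = []
    for _ts, _orig, frame in read_pcap(data):
        ip = frame[14:]
        if frame[12:14] != b"\x08\x00" or len(ip) < 20 or ip[9] != 6:
            continue  # not IPv4, or IP protocol is not TCP (6)
        ihl = (ip[0] & 0x0F) * 4
        if len(ip) < ihl + 4:
            continue  # snaplen cut the packet before the TCP ports
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
        src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
        flows.append(f"{src}.{sport} > {dst}.{dport}")
    return flows

def sample_pcap():
    """Constructed capture: one TCP and one UDP frame (documentation addresses)."""
    def frame(proto, src, dst, sport, dport):
        l4 = struct.pack("!HH", sport, dport) + bytes(16)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return bytes(12) + b"\x08\x00" + ip + l4
    frames = [frame(6, "192.0.2.10", "198.51.100.5", 51514, 443),
              frame(17, "192.0.2.10", "192.0.2.1", 40000, 53)]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for f in frames:
        out += struct.pack("<IIII", 1700000000, 0, len(f), len(f)) + f
    return out
```

To run it on a real capture, pass the bytes of captured_packets.pcap to tcp_flows(); VLAN-tagged frames and IPv6 are skipped by this example.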
