tcpdump Command in Linux with Examples
tcpdump is a command-line packet sniffer and analyzer that system administrators use to troubleshoot connectivity problems on Linux. It captures the network traffic passing through an interface (TCP/IP packets, for example), filters it, and decodes it for display. It is also widely used as a security tool, for example to confirm what a host is actually sending on the wire. Captured traffic can be saved to a pcap file, which can later be opened in Wireshark or read back with tcpdump itself.
Installing tcpdump tool in Linux
Many Linux distributions ship tcpdump pre-installed. If it is missing, install it with the distribution's package manager. For RedHat based distributions (recent Fedora and RHEL use dnf in place of yum):
sudo yum install tcpdump
For Ubuntu/Debian:
sudo apt install tcpdump
Working with tcpdump command
1. To capture packets on the default network interface
sudo tcpdump
With no -i option, tcpdump typically picks the first configured, non-loopback interface that is up (for example eth0). That is not necessarily the interface that carries your internet traffic; list the interfaces with -D (item 5) if in doubt. Capturing needs root or the CAP_NET_RAW capability, hence sudo. Press Ctrl-C to stop the capture.
2. To capture packets from a specific network interface
sudo tcpdump -i wlo1
This command captures packets from the wlo1 interface only. On Linux, -i any captures on all interfaces at once.
3. To capture a specific number of packets
sudo tcpdump -c 4 -i wlo1
This command captures 4 packets from wlo1 and then exits.
4. To print captured packets in ASCII
sudo tcpdump -A -i wlo1
This command prints the contents of each packet (without its link-layer header) as ASCII text, which is convenient for reading cleartext protocols such as HTTP; non-printable bytes are shown as dots.
5. To display all available interfaces
sudo tcpdump -D
This command lists the interfaces tcpdump can capture on. Each interface is numbered, and that number can be given to -i instead of the interface name.
6. To display packets in hex and ASCII
sudo tcpdump -XX -i wlo1
This command prints each packet captured from wlo1 in hex and ASCII side by side, including its link-layer (Ethernet) header. -X does the same but omits the link-layer header.
7. To save captured packets into a file
sudo tcpdump -w captured_packets.pcap -i wlo1
This command writes the raw captured packets to a file named captured_packets.pcap instead of printing them. The file holds full packet payloads, so treat it as sensitive data and restrict who can read it.
8. To read captured packets from a file
sudo tcpdump -r captured_packets.pcap
This command reads and decodes the packets stored in captured_packets.pcap. Reading a file does not need root if the file is readable by your user, and the same file opens in Wireshark. Capture filters such as the tcp filter in item 10 also work when reading from a file.
9. To print IP addresses instead of host names
sudo tcpdump -n -i wlo1
By default tcpdump does reverse DNS lookups and prints host names. -n turns that off and prints numeric addresses and port numbers. This is faster, keeps the output stable when DNS changes, and avoids sending DNS queries that reveal which addresses you are examining.
10. To capture only TCP packets
sudo tcpdump -i wlo1 tcp
The trailing tcp is a capture filter (BPF), so only TCP packets are captured from wlo1. Filters can be combined, for example tcp port 443 and host 192.0.2.10; the full syntax is documented in pcap-filter(7).
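To make concrete what -w writes to disk and what -r and a tcp filter read back, here is an added example that is not code from the original article or from tcpdump itself. It builds a three-packet capture by hand (a TCP SYN, a DNS query over UDP, and a TCP FIN/ACK), serializes it in the classic pcap format that tcpdump -w produces, parses the file back, applies the equivalent of the tcp capture filter after the fact, and prints each record in the numeric style of tcpdump -n. All addresses, ports, MAC addresses and timestamps are made-up values chosen for the demo, and the reader only decodes Ethernet captures with IPv4 inside; everything else is reported as "other".

```python
"""Reader for the classic pcap format that `tcpdump -w` writes.

Added example, not code from the original article or from tcpdump.
All packet bytes below are constructed by hand; addresses, ports and
MACs are made up.
"""
import struct

PCAP_MAGIC_US = 0xA1B2C3D4   # microsecond timestamps (tcpdump default)
PCAP_MAGIC_NS = 0xA1B23C4D   # nanosecond timestamps (tcpdump --nano)
LINKTYPE_ETHERNET = 1
# Flag letters in the order tcpdump prints them: F S R P . (ACK)
TCP_FLAG_NAMES = [(0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, ".")]


def ipv4_checksum(hdr):
    """RFC 1071 one's-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", hdr))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def ipv4_packet(src, dst, proto, payload):
    """IPv4 header without options, valid checksum, followed by payload."""
    def addr(ip):
        return bytes(int(o) for o in ip.split("."))
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 1, 0, 64,
                      proto, 0, addr(src), addr(dst))
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:] + payload


def ethernet_frame(ip_packet):
    """Ethernet II frame (dst MAC, src MAC, EtherType 0x0800 = IPv4)."""
    return bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00" + ip_packet


def tcp_segment(sport, dport, flags):
    """TCP header, no options or payload; checksum left zero for the demo."""
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0)


def udp_datagram(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload


def pcap_bytes(frames, endian="<", magic=PCAP_MAGIC_US, ts0=1700000000):
    """Serialize frames like tcpdump -w: 24-byte global header, then records."""
    out = struct.pack(endian + "IHHiIII", magic, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack(endian + "IIII", ts0 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Parse a pcap file into one dict per record (what `tcpdump -n -r` decodes)."""
    magic, = struct.unpack("<I", data[:4])
    if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):      # same magics, written big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures, got linktype %d" % linktype)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, _ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated record at offset %d" % off)
        off += incl_len
        records.append(decode_frame(frame, ts_sec, orig_len > incl_len))
    return records


def decode_frame(frame, ts_sec, truncated):
    """Decode Ethernet -> IPv4 -> TCP/UDP; anything else is 'other'."""
    rec = {"ts": ts_sec, "truncated": truncated, "proto": "other"}
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return rec
    ihl = (frame[14] & 0x0F) * 4                  # IPv4 header length in bytes
    proto = frame[23]                             # IPv4 protocol field
    rec["src"] = ".".join(str(b) for b in frame[26:30])
    rec["dst"] = ".".join(str(b) for b in frame[30:34])
    l4 = frame[14 + ihl:]
    if proto == 6 and len(l4) >= 20:
        rec["proto"] = "tcp"
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
        rec["flags"] = "".join(n for bit, n in TCP_FLAG_NAMES if l4[13] & bit) or "none"
    elif proto == 17 and len(l4) >= 8:
        rec["proto"] = "udp"
        rec["sport"], rec["dport"] = struct.unpack("!HH", l4[:4])
    return rec


def tcp_only(records):
    """Equivalent of the `tcp` capture filter, applied after the fact."""
    return [r for r in records if r["proto"] == "tcp"]


def format_record(r):
    """tcpdump -n style line: numeric addresses and ports, no DNS lookups."""
    if r["proto"] not in ("tcp", "udp"):
        return "%d non-IPv4 or unsupported frame" % r["ts"]
    line = "%d IP %s.%d > %s.%d: %s" % (r["ts"], r["src"], r["sport"], r["dst"], r["dport"], r["proto"].upper())
    return line + (" Flags [%s]" % r["flags"] if r["proto"] == "tcp" else "")


# Constructed capture: TCP SYN to 443, a DNS query over UDP, then a TCP FIN/ACK back.
SAMPLE_FRAMES = [
    ethernet_frame(ipv4_packet("10.0.0.5", "192.0.2.10", 6, tcp_segment(40000, 443, 0x02))),
    ethernet_frame(ipv4_packet("10.0.0.5", "192.0.2.53", 17, udp_datagram(53000, 53, b"\x00" * 12))),
    ethernet_frame(ipv4_packet("192.0.2.10", "10.0.0.5", 6, tcp_segment(443, 40000, 0x11))),
]
SAMPLE_PCAP = pcap_bytes(SAMPLE_FRAMES)

if __name__ == "__main__":
    for rec in tcp_only(read_pcap(SAMPLE_PCAP)):
        print(format_record(rec))
```

Writing SAMPLE_PCAP to a file and running tcpdump -n -r on it produces the same two TCP lines, which is a quick way to confirm the parser against the real tool. The magic-number check at the top is the part worth remembering: tcpdump may write the header in either byte order, and a pcapng file (the format Wireshark saves by default) starts with a different signature entirely, so a reader that assumes little-endian classic pcap will silently misparse it.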