
tcpdump Command in Linux with Examples

tcpdump is a packet sniffing and packet analyzing tool that system administrators use to troubleshoot connectivity issues in Linux. It captures, filters, and analyzes network traffic such as TCP/IP packets passing through your system, and it is often used as a security tool as well. Captured traffic can be saved to a pcap file, which can then be opened in Wireshark or read back with tcpdump itself.

Installing tcpdump tool in Linux

Many Linux distributions ship with tcpdump pre-installed; if yours does not, install it with the following commands. For RedHat-based distributions:

yum install tcpdump

For Ubuntu/Debian-based distributions:

apt install tcpdump

Working with tcpdump command

1. To capture the packets of the current network interface

sudo tcpdump

With no interface given, tcpdump captures on the first configured, non-loopback interface it finds, which is usually the one through which the system is connected to the internet. Capturing needs root (or the CAP_NET_RAW capability), hence the sudo.

2. To capture packets from a specific network interface

sudo tcpdump -i wlo1

This command captures packets from the wlo1 network interface only (wlo1 is the wireless interface on the example system; interface names differ between machines).

3. To capture a specific number of packets

sudo tcpdump -c 4 -i wlo1

This command captures only 4 packets from the wlo1 interface and then exits, instead of running until interrupted.

4. To print captured packets in ASCII format

sudo tcpdump -A -i wlo1

This command prints each packet captured from wlo1 as ASCII text, which makes plaintext payloads readable on the terminal.

5. To display all available interfaces

sudo tcpdump -D

This command lists all the interfaces on the system that tcpdump can capture from.

6. To display packets in HEX and ASCII values

sudo tcpdump -XX -i wlo1

This command prints the packets captured from the wlo1 interface in both hex and ASCII, including the link-layer (Ethernet) header.

7. To save captured packets into a file

sudo tcpdump -w captured_packets.pcap -i wlo1

This command writes all captured packets, in raw form rather than as decoded text, to a file named captured_packets.pcap.

8. To read captured packets from a file

sudo tcpdump -r captured_packets.pcap

This command reads and decodes the packets saved in the captured_packets.pcap file instead of capturing live traffic; reading a saved file does not itself require root, although the file written by a root capture may only be readable by root.

9. To show IP addresses instead of hostnames

sudo tcpdump -n -i wlo1

This command prints addresses numerically instead of resolving them to hostnames. Skipping the DNS lookups keeps the output fast and avoids generating extra DNS traffic of tcpdump's own.

10. To capture only TCP packets

sudo tcpdump -i wlo1 tcp

This command captures only TCP packets from wlo1. The trailing tcp is a capture filter expression; packets that do not match it are discarded before they are printed or written to a file.
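To make concrete what the -w, -r, -n and tcp options above actually operate on, here is an added example (not code from the original article or from the tcpdump project) written in Python so that it runs without root and without tcpdump installed. It writes a small pcap file in the same layout tcpdump -w produces (24-byte global header, then a 16-byte record header before each frame), reads it back the way tcpdump -r does, prints each packet with numeric addresses as -n would, and applies a "tcp"-only filter. The three sample frames, the addresses (RFC 5737 documentation ranges), the MAC addresses and the function names are all constructed for the example; IP and TCP checksums are left at zero because the reader never validates them.

```python
"""Minimal pcap writer/reader mirroring `tcpdump -w` and `tcpdump -n -r <file> tcp`.
Added example for illustration; not part of tcpdump or the original article."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC_USEC = 0xA1B2C3D4   # classic pcap magic, microsecond timestamps
PCAP_MAGIC_NSEC = 0xA1B23C4D   # pcap variant with nanosecond timestamps
LINKTYPE_ETHERNET = 1          # frames start with a 14-byte Ethernet header
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def write_pcap(path, packets):
    """Write (ts_sec, ts_usec, frame_bytes) tuples as a little-endian pcap file."""
    with open(path, "wb") as f:
        # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts_sec, ts_usec, frame in packets:
            # record header: ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield (timestamp_seconds, frame_bytes); accepts either byte order and either timestamp unit."""
    with open(path, "rb") as f:
        magic_raw = f.read(4)
        for endian in ("<", ">"):
            magic = struct.unpack(endian + "I", magic_raw)[0]
            if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
                break
        else:
            raise ValueError("not a pcap file (bad magic)")
        divisor = 1_000_000 if magic == PCAP_MAGIC_USEC else 1_000_000_000
        _major, _minor, _zone, _sigfigs, _snaplen, linktype = struct.unpack(endian + "HHiIII", f.read(20))
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError(f"unsupported link type {linktype}")
        while True:
            hdr = f.read(16)
            if len(hdr) < 16:
                break                       # clean end of file
            ts_sec, ts_frac, caplen, _origlen = struct.unpack(endian + "IIII", hdr)
            frame = f.read(caplen)
            if len(frame) < caplen:
                raise ValueError("truncated packet record")   # capture cut off mid-packet
            yield ts_sec + ts_frac / divisor, frame


def ipv4_frame(src_ip, dst_ip, proto, sport, dport):
    """Constructed Ethernet/IPv4 frame carrying a 20-byte TCP SYN or an 8-byte UDP header (checksums zero)."""
    if proto == 6:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, 0x02, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0x1234, 0x4000, 64, proto, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    eth = bytes.fromhex("020000000002") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + l4


def decode(frame):
    """Return (proto_name, src, dst, sport, dport) for an IPv4 frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                         # not IPv4 (e.g. ARP, IPv6) or too short to decode
    ihl = (frame[14] & 0x0F) * 4            # IP header length in bytes
    proto = frame[23]
    src = socket.inet_ntoa(frame[26:30])    # numeric, like tcpdump -n: no DNS lookups
    dst = socket.inet_ntoa(frame[30:34])
    l4 = frame[14 + ihl:]
    sport = dport = None
    if proto in (6, 17) and len(l4) >= 4:   # TCP and UDP both start with source/destination ports
        sport, dport = struct.unpack("!HH", l4[:4])
    return PROTO_NAMES.get(proto, str(proto)), src, dst, sport, dport


def summarize(path, proto_filter=None):
    """One line per packet in tcpdump -n style; proto_filter ("tcp"/"udp") mimics a protocol capture filter."""
    endpoint = lambda ip, port: ip if port is None else f"{ip}.{port}"
    lines = []
    for ts, frame in read_pcap(path):
        decoded = decode(frame)
        if decoded is None:
            continue
        name, src, dst, sport, dport = decoded
        if proto_filter and name != proto_filter:
            continue
        lines.append(f"{ts:.6f} IP {endpoint(src, sport)} > {endpoint(dst, dport)}: {name}")
    return lines


SAMPLE_PACKETS = [   # constructed sample traffic: two TCP SYNs and one DNS query over UDP
    (1700000000, 0,      ipv4_frame("192.0.2.5", "198.51.100.7", 6, 40000, 443)),
    (1700000000, 250000, ipv4_frame("192.0.2.5", "192.0.2.1", 17, 53000, 53)),
    (1700000001, 0,      ipv4_frame("192.0.2.5", "198.51.100.7", 6, 40001, 80)),
]


def demo():
    """Write the sample capture (like -w), read it back (like -r), with and without the tcp filter."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "captured_packets.pcap")
        write_pcap(path, SAMPLE_PACKETS)
        return summarize(path), summarize(path, "tcp")


if __name__ == "__main__":
    everything, tcp_only = demo()
    print("\n".join(everything))
    print("-- tcp only --")
    print("\n".join(tcp_only))
```

Running the script prints three summary lines and then the two TCP lines, which is the same narrowing you get from `tcpdump -n -r captured_packets.pcap tcp`. The reader checks the magic number in both byte orders and refuses records that end early, the two problems most often hit when a capture file was copied from another machine or interrupted mid-write.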
