Useful commands for tcpdump

Tcpdump is a command line tool for capturing, sniffing and analysing packets on the network. It is one of the most widely used and important commands in a Linux environment.

Tcpdump works on the network layer and is usually installed on Linux machines; if it is not, you can install it either by downloading it from the official site or via yum install tcpdump.

Check whether it is installed:

rpm -qa | grep tcpdump

Let's start.

  1. With the -i option

This is used to specify the interface, so that you can capture packets from a particular interface.

tcpdump -i ens33

  2. With the -D option

This is used to list all the available interfaces on the Linux machine.

tcpdump -D

  3. With the -n option

If you use the -n option with the tcpdump command, it will show the sender and receiver of each packet as IP addresses rather than as names.

  4. With the -c option

This is used to set the number of packets to be captured.

  5. With the -s option

Tcpdump captures 96 bytes per packet by default; if you want to capture more than this, or full TCP packets, you will have to specify the size.

You can use -s0 to capture packets in full.

  6. With the -e option

Print the link-level header on each dump line. This can be used, for example, to print MAC-layer addresses.

  7. With the -w option

This is used to capture the output and save it to a file.

  8. With the -r option

If you want to read a file you have saved, you will have to use the -r option to read the packets back.

  9. For a particular port

If you want to capture packets on a particular port number, that is possible:

tcpdump -c 5 -i ens33 port 80

In case you do not need to capture packets from a particular port, you can exclude them.

The command is tcpdump -c 5 -i ens33 'port !80'

  10. Capture packets to or from a particular host

tcpdump -i ens33 -c 5 src host 10.10.1.1

And

tcpdump -i ens33 -c 5 dst host 10.10.1.1

  11. Filter by protocol

tcpdump -i ens33 icmp
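Putting the options above together, here is an added example (not part of the original post) that builds the BPF filter from protocol, src/dst host and port parts, captures a fixed number of full packets to a file with -w, and reads the file back with -r and -e. The interface ens33, host 10.10.1.1, port 80 and the path /tmp/web.pcap are assumed sample values.

```shell
# Added example (not part of the original post): compose the options above into
# one capture-then-read workflow. Interface ens33, host 10.10.1.1, port 80 and
# the output path /tmp/web.pcap are assumed sample values.

# Build a BPF filter from optional protocol / direction+host / port parts.
# Args: proto ("tcp", "icmp" or ""), side ("src", "dst" or ""), host, port,
# exclude ("yes" turns "port N" into "not port N", the same as 'port !N').
build_filter() {
  proto="$1"; side="$2"; host="$3"; port="$4"; exclude="$5"
  bpf=""
  [ -n "$proto" ] && bpf="$proto"
  if [ -n "$host" ]; then
    bpf="${bpf:+$bpf and }${side:+$side }host $host"
  fi
  if [ -n "$port" ]; then
    if [ "$exclude" = "yes" ]; then
      bpf="${bpf:+$bpf and }not port $port"
    else
      bpf="${bpf:+$bpf and }port $port"
    fi
  fi
  printf '%s' "$bpf"
}

# Assemble the capture command: numeric output (-nn), full packets (-s0),
# stop after COUNT packets (-c), write raw pcap to FILE (-w), then the filter.
capture_cmd() {
  iface="$1"; count="$2"; file="$3"; filter="$4"
  printf 'tcpdump -nn -s0 -i %s -c %s -w %s %s' "$iface" "$count" "$file" "$filter"
}

# Read a saved capture back with -r; -e adds the link-level (MAC) header.
# Reading a file needs neither an interface nor root.
read_cmd() {
  printf 'tcpdump -nn -e -r %s' "$1"
}

# Only capture when run as root with tcpdump installed; otherwise just show
# the command that would be run.
main() {
  f=$(build_filter tcp dst 10.10.1.1 80 no)
  cmd=$(capture_cmd ens33 5 /tmp/web.pcap "$f")
  echo "capture: $cmd"
  if [ "$(id -u)" -eq 0 ] && command -v tcpdump >/dev/null 2>&1; then
    sh -c "$cmd" && sh -c "$(read_cmd /tmp/web.pcap)"
  fi
}

main
```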

You're done.
