Useful TCPDUMP Commands for Packet Sniffing
tcpdump is a command line tool with which we can capture, analyse or sniff packets on the network.
It is one of the most widely used and important commands in a Linux environment.
Tcpdump works at the network layer and is usually already installed on a Linux machine; if not, you can install it either by downloading it from the official site or via yum install tcpdump.
Check whether it is installed or not:
rpm -qa | grep tcpdump
- With the -i option
This is used to specify the interface, so that you can capture packets from a particular interface.
tcpdump -i ens33
- With the -D option
This is used to list all the available interfaces on the Linux machine.
- With the -n option
If you use the -n option with the tcpdump command, it shows the sender and receiver of each packet as IP addresses instead of resolving them to names.
- With the -c option
This is used to specify the number of packets that need to be captured.
- With the -s option
By default tcpdump captures only the first 96 bytes of each packet; if you want to capture more than this, or full TCP packets, you will have to specify the snapshot size.
You can use -s0 to capture whole packets.
- With the -e option
Print the link-level header on each dump line; this prints the MAC layer addresses of each packet.
- With the -w option
This is used to write the captured packets to a file instead of printing them.
- With the -r option
If you want to read a file which you have saved with -w, you will have to use the -r option to read the packets back.
- For a particular port
If you want to capture packets on a particular port number, that is possible:
tcpdump -c 5 -i ens33 port 80
In case you do not need to capture packets on a particular port, you can exclude them.
The command is tcpdump -c 5 -i ens33 'port !80'
- Capture packets from or towards a particular host
tcpdump -i ens33 -c 5 src host 10.10.1.1
tcpdump -i ens33 -c 5 dst host 10.10.1.1
- Filter by protocol
tcpdump -i ens33 icmp
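Once packets have been saved with -w and read back with -n -r, the text output still has to be reviewed. The following shell script is an added example (not from the original page) that summarises such output per source host and per destination port; the capture lines in SAMPLE are constructed, and the interface and hosts match the ones used above.

```shell
#!/bin/sh
# Added example, not part of the original page: helpers that summarise the text
# that `tcpdump -n` (or `tcpdump -n -r capture.pcap`) prints, so a saved capture
# can be reviewed quickly. Both read tcpdump output on stdin and count only
# IPv4 lines of the form "<time> IP <src>[.port] > <dst>[.port]: ...";
# ARP, IPv6 and other lines are ignored. SAMPLE below is constructed.

# Packets per source address. With -n tcpdump prints "A.B.C.D.port" for TCP/UDP
# but plain "A.B.C.D" for ICMP, so the port is stripped only when the field has
# five dot-separated parts (otherwise the last octet would be cut off).
summarize_talkers() {
    awk '$2 == "IP" {
        src = $3
        if (split(src, parts, ".") == 5) sub(/\.[0-9]+$/, "", src)
        count[src]++
    }
    END { for (s in count) printf "%s %d\n", s, count[s] }' \
    | LC_ALL=C sort -k2,2nr -k1,1
}

# TCP/UDP packets per destination port (ICMP lines carry no port and are skipped).
summarize_dst_ports() {
    awk '$2 == "IP" {
        dst = $5
        sub(/:$/, "", dst)                       # drop the trailing colon
        if (split(dst, parts, ".") == 5) count[parts[5]]++
    }
    END { for (p in count) printf "%s %d\n", p, count[p] }' \
    | LC_ALL=C sort -k2,2nr -k1,1n
}

# Constructed sample of `tcpdump -n` output (not a real capture): part of a TCP
# handshake, one ICMP echo exchange and one ARP request.
SAMPLE='12:00:00.000001 IP 10.10.1.5.51234 > 10.10.1.1.80: Flags [S], seq 1, length 0
12:00:00.000002 IP 10.10.1.1.80 > 10.10.1.5.51234: Flags [S.], seq 1, ack 2, length 0
12:00:00.000003 IP 10.10.1.5.51234 > 10.10.1.1.80: Flags [.], ack 1, length 0
12:00:00.000004 IP 10.10.1.7 > 10.10.1.1: ICMP echo request, id 1, seq 1, length 64
12:00:00.000005 IP 10.10.1.1 > 10.10.1.7: ICMP echo reply, id 1, seq 1, length 64
12:00:00.000006 ARP, Request who-has 10.10.1.1 tell 10.10.1.9, length 28'

# Demonstration on the sample. For a real capture, source this file and run:
#   tcpdump -n -r capture.pcap | summarize_talkers
printf '%s\n' "$SAMPLE" | summarize_talkers
printf '%s\n' "$SAMPLE" | summarize_dst_ports
```

On the sample this lists 10.10.1.1 and 10.10.1.5 with two packets each and 10.10.1.7 with one, and ports 80 (2) and 51234 (1); the ARP line is not counted.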