Useful TCPDUMP Commands
tcpdump is a command line packet analyzer for Linux: it captures (sniffs) packets from a network interface, or reads them back from a saved capture file, and prints a one-line summary of each packet. It is widely used and one of the most important troubleshooting tools in a Linux environment. Below are a few useful tcpdump commands in Linux.
Useful TCPDUMP Commands for Packet Sniffer:
tcpdump captures at the link layer through libpcap, so it sees every frame the interface delivers (including frames not addressed to the host when the interface is in promiscuous mode) and needs root privileges or the CAP_NET_RAW and CAP_NET_ADMIN capabilities. It is installed on most Linux machines already; if the tcpdump command is not found, install it from your distribution's packages (yum install tcpdump on RHEL/CentOS, apt install tcpdump on Debian/Ubuntu) or download the source from the official site, tcpdump.org.
Check whether it is installed (RPM-based systems):
rpm -qa | grep tcpdump
- With the -i option. Specifies the interface to capture from. Without -i tcpdump picks the lowest-numbered configured interface (excluding loopback); use -i any to capture on all interfaces at once.
tcpdump -i ens33
- With the -D option. Lists all the interfaces tcpdump can capture on, with the index number that can be used in place of a name with -i.
- With the -n option. Shows sender and receiver as numeric IP addresses instead of resolved host names; -nn additionally leaves port numbers unresolved (80 instead of http). Use -nn on a busy link: reverse DNS lookups slow the capture down and leak the addresses you are investigating to your resolver.
- With the -c option. Captures exactly the given number of packets and then exits, instead of running until interrupted.
- With the -s option. Sets the snapshot length, the number of bytes saved from each packet. tcpdump versions before 4.0 kept only the first 96 bytes by default, which truncated most payloads; current versions default to 262144 bytes. Use -s0 (or no -s on a current version) to capture whole packets, or a small value such as -s 96 when you only need headers and want a smaller file.
- With the -e option. Prints the link-level header on each line, i.e. the source and destination MAC addresses and the EtherType, which is what you need to spot ARP spoofing or a rogue gateway.
- With the -w option. Writes the raw packets to a file in pcap format instead of printing them. The file is binary, so read it with -r or open it in Wireshark; combine -w with -s0 and -nn so nothing is truncated or resolved at capture time.
- With the -r option. Reads packets from a file saved with -w. The same filter expressions work when reading, so you can capture everything once and filter afterwards.
- For a particular port. To capture only packets with a particular port number (as source or destination):
tcpdump -c 5 -i ens33 port 80
If you do not want packets for a particular port, exclude them with not. Quote the expression, because ! and parentheses are special to the shell:
tcpdump -c 5 -i ens33 'not port 80'
- Capture packets from or to a particular host (use host 10.10.1.1 without src or dst to match either direction):
tcpdump -i ens33 -c 5 src host 10.10.1.1
tcpdump -i ens33 -c 5 dst host 10.10.1.1
- Filter by protocol. Protocol keywords such as icmp, tcp, udp and arp are primitives, and they can be combined with the port and host primitives using and, or and not.
tcpdump -i ens33 icmp
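To make the -w/-r, -s, -e and -n behaviour concrete, here is an added example (written for this page, not tcpdump's own code) that builds two hand-constructed Ethernet frames, an HTTP request to port 80 carrying a session cookie and an ICMP echo, writes them in the pcap format that -w produces, reads them back the way -r does, and applies the same port/host/icmp filters used above. The snaplen argument plays the role of -s: each record keeps min(len, snaplen) bytes but still records the original wire length, so you can see exactly what the old 96-byte default threw away. The MAC addresses, IPs and packet contents are assumptions chosen for the sample; only the Python standard library is used.

```python
# Minimal pcap writer/reader mimicking tcpdump -w/-r, -s (snaplen), -e and -n.
# Added example, not tcpdump's source; every frame below is constructed by hand.
import socket
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1
DEFAULT_SNAPLEN = 262144            # tcpdump >= 4.0 default, also what -s0 selects

def mac(text):                      # "00:11:22:33:44:55" -> 6 raw bytes
    return bytes.fromhex(text.replace(":", ""))

def checksum(data):                 # RFC 1071 one's-complement sum for the IPv4 header
    if len(data) % 2:
        data += b"\0"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def ipv4(src, dst, proto, payload):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:] + payload

def tcp(sport, dport, payload):     # PSH|ACK segment, TCP checksum left 0 in this sample
    return struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 8192, 0, 0) + payload

def icmp_echo():                    # echo request, checksum left 0 in this sample
    return struct.pack("!BBHHH", 8, 0, 0, 1, 1) + b"ping"

def frame(src_mac, dst_mac, ip_packet):   # Ethernet II header, EtherType IPv4
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ip_packet

def write_pcap(frames, snaplen=DEFAULT_SNAPLEN):
    """What `tcpdump -w` stores. snaplen plays the role of -s: each record keeps
    min(len, snaplen) bytes (incl_len) but also records the wire length (orig_len)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, f in enumerate(frames):
        cap = f[:snaplen]
        out += struct.pack("<IIII", 1700000000 + i, 0, len(cap), len(f)) + cap
    return out

def read_pcap(data):
    """Walk the records the way `tcpdump -r` does: yields (incl_len, orig_len, bytes)."""
    magic, _, _, _, _, _, linktype = struct.unpack("<IHHiIII", data[:24])
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("not a little-endian Ethernet pcap")
    off = 24
    while off + 16 <= len(data):
        _, _, incl, orig = struct.unpack("<IIII", data[off:off + 16])
        yield incl, orig, data[off + 16:off + 16 + incl]
        off += 16 + incl

def summarize(f):
    """Decode what `-e -n` prints: MACs, numeric IPs, protocol, ports, payload."""
    dst, src, etype = struct.unpack("!6s6sH", f[:14])
    s = {"dst_mac": dst.hex(":"), "src_mac": src.hex(":"), "ethertype": etype}
    if etype != 0x0800:
        return s
    ihl = (f[14] & 0x0F) * 4
    s["proto"] = f[23]
    s["src"], s["dst"] = socket.inet_ntoa(f[26:30]), socket.inet_ntoa(f[30:34])
    l4 = f[14 + ihl:]
    if s["proto"] in (6, 17):       # TCP/UDP ports are the first 4 bytes of layer 4
        s["sport"], s["dport"] = struct.unpack("!HH", l4[:4])
    s["payload"] = l4[20:] if s["proto"] == 6 else l4[8:]   # 20-byte TCP / 8-byte UDP,ICMP
    return s

def matches(s, expr):
    """The filter primitives used on this page: [not] port N | [src|dst] host A | icmp."""
    toks = expr.split()
    neg = toks[0] == "not"
    toks = toks[1:] if neg else toks
    if toks == ["icmp"]:
        hit = s.get("proto") == 1
    elif toks[0] == "port":
        hit = int(toks[1]) in (s.get("sport"), s.get("dport"))
    elif toks[0] in ("src", "dst") and toks[1] == "host":
        hit = s.get(toks[0]) == toks[2]
    elif toks[0] == "host":
        hit = toks[1] in (s.get("src"), s.get("dst"))
    else:
        raise ValueError("unsupported filter: " + expr)
    return hit != neg

def sample_capture(snaplen=DEFAULT_SNAPLEN):
    """Constructed traffic: one HTTP request carrying a session cookie, one ICMP echo."""
    req = b"GET / HTTP/1.1\r\nHost: example.test\r\nCookie: session=" + b"A" * 40 + b"\r\n\r\n"
    frames = [frame("00:11:22:33:44:55", "66:77:88:99:aa:bb",
                    ipv4("10.10.1.1", "10.10.1.2", 6, tcp(40000, 80, req))),
              frame("66:77:88:99:aa:bb", "00:11:22:33:44:55",
                    ipv4("10.10.1.2", "10.10.1.1", 1, icmp_echo()))]
    return write_pcap(frames, snaplen)

def read_filtered(pcap_bytes, expr):
    """Equivalent of `tcpdump -nn -e -r file 'expr'`: [(summary, bytes lost to snaplen)]."""
    return [(s, orig - incl) for incl, orig, b in read_pcap(pcap_bytes)
            for s in [summarize(b)] if matches(s, expr)]

if __name__ == "__main__":
    for snap in (DEFAULT_SNAPLEN, 96):
        for s, lost in read_filtered(sample_capture(snap), "port 80"):
            print("snaplen=%d %s > %s lost=%d payload=%r" % (snap, s["src"], s["dst"], lost, s["payload"]))
```

Run stand-alone it prints the HTTP request twice: with the default snaplen the whole 150-byte frame is kept and the cookie value is visible; with snaplen 96 the record stores 96 of 150 bytes and the payload stops right after the word Cookie, which is exactly the kind of evidence an old-default capture silently loses. Writing sample_capture(96) to a file with open("sample.pcap", "wb").write(...) gives a file that tcpdump -nn -e -r sample.pcap 'port 80' reads like any real capture, so you can compare the tool's output with the summaries above.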
That's it: a few example tcpdump commands in Linux to get you started with capturing and reading packets.