tcpdump is the world's premier network analysis tool—combining both power and
simplicity into a single command-line interface. This guide will show you how to
use it.
tcpdump is a powerful command-line packet analyzer. It allows you to capture and
inspect network traffic in real-time. This tool is invaluable for network
administrators, security professionals, and anyone who needs to understand network
behavior.
In this tutorial, we'll explore 50 practical examples of using tcpdump. These
examples will cover a wide range of use cases, from basic traffic capture to
advanced filtering and analysis.
Basic Syntax
The basic syntax of tcpdump is:

    tcpdump [options] [expression]

- options: Modify the behavior of tcpdump, such as specifying the interface to
  capture on or the output format.
- expression: Defines what kind of traffic to capture. This is where you specify
  hostnames, IP addresses, ports, protocols, and other criteria.
Capturing Traffic on an Interface
To capture all traffic on a specific interface, use the -i flag followed by the
interface name. For example, to capture traffic on the eth0 interface:
    tcpdump -i eth0

To see a list of all available interfaces, use the command:

    tcpdump -D

Capturing Traffic to/from a Specific Host
To capture traffic to or from a specific host, use the host keyword followed by the
hostname or IP address:

    tcpdump host [Link]

This will capture all traffic to and from the host with the IP address
[Link].

Capturing Traffic on a Specific Port
To capture traffic on a specific port, use the port keyword followed by the port
number:

    tcpdump port 80

This will capture all traffic on port 80 (HTTP).

Combining Filters
You can combine filters using and, or, and not operators. For example, to capture
all traffic to or from host [Link] on port 80, use:

    tcpdump host [Link] and port 80

To capture traffic from [Link] on either port 80 or 443, use:

    tcpdump src host [Link] and \( port 80 or port 443 \)
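To show how the and/or grouping above is put together without backslash escaping, here is an added shell example that is not part of the original article: it assembles a filter expression from a host and a list of ports, rejects malformed port numbers, and prints the capture command that would use it. The function names, the interface, the host and the ports are assumed sample values.

```shell
#!/bin/sh
# Added example, not from the original article: assemble a tcpdump filter from a
# host and a list of ports, then print the capture command that would use it.
# Function names, interface, host and ports below are constructed sample values.

# build_filter [src|dst|""] HOST [PORT...]
# Prints e.g. "src host 192.0.2.10 and (port 80 or port 443)". Parentheses are
# emitted unescaped because capture_cmd single-quotes the whole expression, so
# the shell never interprets them and tcpdump receives exactly the text shown.
build_filter() {
    dir=$1
    host=$2
    shift 2
    filter="${dir:+$dir }host $host"
    ports=""
    for p in "$@"; do
        # Reject anything that is not a port number in 1..65535 before it
        # reaches tcpdump, so a typo fails loudly instead of capturing nothing.
        case $p in
            ''|*[!0-9]*) printf 'invalid port: %s\n' "$p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            printf 'invalid port: %s\n' "$p" >&2
            return 1
        fi
        ports="${ports:+$ports or }port $p"
    done
    if [ $# -gt 1 ]; then
        filter="$filter and ($ports)"      # several ports: group them
    elif [ $# -eq 1 ]; then
        filter="$filter and $ports"        # one port: no grouping needed
    fi
    printf '%s\n' "$filter"
}

# capture_cmd IFACE OUTFILE FILTER
# Prints the command line. -nn stops tcpdump resolving names, so the capture
# itself generates no DNS lookups; -i picks the interface; -w writes the pcap.
capture_cmd() {
    printf "tcpdump -nn -i %s -w %s '%s'\n" "$1" "$2" "$3"
}

# Usage: the printed command would be run as root on the capturing host.
f=$(build_filter src 192.0.2.10 80 443)
capture_cmd eth0 web.pcap "$f"
```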

Advanced Filtering

Filtering by Protocol
To filter by protocol, use the ip, tcp, udp, or other protocol keywords. For
example, to capture only TCP traffic:

    tcpdump tcp

To capture only UDP traffic:

    tcpdump udp

Filtering by Source or Destination
To filter by source or destination host or port, use the src or dst keywords:

    tcpdump src host [Link]

This will capture all traffic from the host [Link].

    tcpdump dst port 443

This will capture all traffic destined for port 443.

Filtering by Network
To capture traffic within a specific network, use the net keyword:

    tcpdump net [Link]/24

This will capture all traffic within the [Link]/24 network.

Saving Captured Traffic to a File
To save captured traffic to a file, use the -w flag followed by the filename:

    tcpdump -w [Link] -i eth0

This will save all captured traffic on the eth0 interface to the file
[Link].
You can later analyze this file using tcpdump or another packet analyzer like
Wireshark.

Reading Captured Traffic from a File
To read captured traffic from a file, use the -r flag followed by the
filename:

    tcpdump -r [Link]

This will read and display the traffic from the file [Link].

Verbosity
You can control the verbosity of tcpdump output using the -v, -vv, or -vvv
flags.
- -v: Verbose output.
- -vv: More verbose output.
- -vvv: Most verbose output.
For example:

    tcpdump -vv -i eth0