The tcpdump command can save captured packets to a file for later analysis. tcpdump is a packet analyzer that is supported on almost all UNIX operating systems. Various programs can display the saved files, but tcpdump itself serves the same purpose, so there is no need to install separate software.

Capture packets from a particular Ethernet interface using tcpdump -i

By default, tcpdump collects all the packets flowing through all the interfaces. The -i option lets you specify the Ethernet interface to capture on.

$ tcpdump -i eth0


Capture only N number of packets using tcpdump -c

The -c option makes tcpdump stop after capturing the given number of packets. Otherwise, tcpdump keeps running until it is canceled.

$ tcpdump -c 5 -i eth0


Display Captured Packets in ASCII using tcpdump -A

The -A option displays the captured packets in ASCII.

$ tcpdump -A -i eth0


Display Captured Packets in HEX and ASCII using tcpdump -XX

The -XX option displays the captured packets in both HEX and ASCII format.

$ tcpdump -XX -i eth0


Capture the packets and write into a file using tcpdump -w

Packets can be saved to a file with tcpdump and kept for future reference.

$ tcpdump -w 08232010.pcap -i eth0

Note that the file extension must be .pcap so that any network protocol analyzer can read the file. The -w option writes the packets to the file.


Reading the packets from a saved file using tcpdump -r

A saved .pcap file can be loaded and displayed later with the -r option.

$ tcpdump -tttt -r data.pcap


Capture packets with IP address using tcpdump -n

To capture packets and display the IP addresses of the machines involved, use the -n option:

$ tcpdump -n -i eth0


Read packets longer than N bytes

tcpdump can filter packets conditionally. The 'greater' filter keeps only packets longer than the given number of bytes:

$ tcpdump -w g_956.pcap greater 956


Receive only the packets of a specific protocol type

Packets can also be filtered by protocol, such as fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp, and udp.

$ tcpdump -i eth0 tcp


Read packets lesser than N bytes

tcpdump can also keep only the packets smaller than N bytes. This is done with the 'less' filter.

$ tcpdump -w l_1024.pcap less 1024
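
The following Python example is added here and is not part of the original article. It reads the classic .pcap record layout that tcpdump -w produces and applies the same length tests as the 'greater' and 'less' filters, which the pcap-filter documentation defines as len >= N and len <= N. The function names, the sample capture and its frame sizes are constructed for illustration, and classic pcap with microsecond timestamps is assumed.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4  # classic pcap format, microsecond timestamps

def build_pcap(frames, snaplen=262144, linktype=1):
    """Build a little-endian pcap byte string from (ts_sec, frame) pairs."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)
    for sec, frame in frames:
        kept = frame[:snaplen]  # at most snaplen bytes are stored per packet
        out += struct.pack("<IIII", sec, 0, len(kept), len(frame)) + kept
    return out

def read_pcap(blob):
    """Yield (ts_sec, wire_len, captured_bytes) for each complete record."""
    if len(blob) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == PCAP_MAGIC:
        endian = "<"
    elif magic == 0xD4C3B2A1:  # same magic, written by a big-endian host
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    offset = 24
    while offset + 16 <= len(blob):
        sec, _usec, incl_len, wire_len = struct.unpack_from(endian + "IIII", blob, offset)
        offset += 16
        if offset + incl_len > len(blob):
            break  # last record cut off, e.g. the capture was interrupted
        yield sec, wire_len, blob[offset:offset + incl_len]
        offset += incl_len

def lengths(blob, greater=None, less=None):
    """Wire lengths of records passing tcpdump-style 'greater'/'less' tests."""
    kept = []
    for _sec, wire_len, _data in read_pcap(blob):
        if greater is not None and wire_len < greater:  # greater N: len >= N
            continue
        if less is not None and wire_len > less:        # less N: len <= N
            continue
        kept.append(wire_len)
    return kept

# Constructed sample: four zero-filled frames, not real traffic.
SAMPLE = build_pcap([(1282550400 + i, bytes(n)) for i, n in enumerate((60, 956, 1024, 1500))])

if __name__ == "__main__":
    print("all:         ", lengths(SAMPLE))
    print("greater 956: ", lengths(SAMPLE, greater=956))
    print("less 1024:   ", lengths(SAMPLE, less=1024))
```

Both tests are inclusive, so a packet of exactly N bytes passes 'greater N' and also passes 'less N'.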


Receive packets flow on a particular port using tcpdump port

To trace the packets received on a specific port of a machine, use the 'port' filter:

$ tcpdump -i eth0 port 22


If you need any further assistance please contact our support department.
