How to Use tcpdump for Packet Capture


tcpdump is a command-line utility that you can use to capture and examine network traffic moving through your system. It is widely used for network troubleshooting as well as a security tool. tcpdump is a powerful and flexible tool that has many options and filters and can be used in a wide variety of cases. Being a command-line tool, it is ideal for running on remote servers or devices that do not have a GUI, to collect data that can be analyzed later.

It can also be started in the background or as a scheduled job using tools like cron. tcpdump is a network packet analyzer created and released in 1988 by a group of computer researchers working at the Lawrence Berkeley Laboratory and its Network Research Group. It is used to display the contents of packets that a computer sends and receives.

The utility has a variety of options to make the packet capture clearer and more focused. Some of these options cover different network protocols and network interfaces.

How to use tcpdump for packet capture


Many Linux distributions come with the utility pre-installed. If your preferred distribution doesn’t, installation is quick and easy: on Ubuntu or Debian you can install it with apt, on CentOS with yum, and on Arch Linux with pacman.

The basics

With tcpdump installed, you can take a look at the built-in help using the -h flag. This shows you a list of flags that you can use with the tool. If you want a more complete and detailed reference, you can view the manual page (man page) using the man command.

You can run a basic packet capture by running tcpdump on its own. If you run the command by itself and do not specify a network interface, the tool chooses one of the available interfaces on your system. If you don’t want tcpdump to resolve hostnames and only display IP addresses, you can use the -n flag.

If you want to specify the number of packets you want to capture, use the -c flag:

    • tcpdump -c [number of packets]

Specifying a network interface

You can specify your choice of network interface using the -i flag. Two of the most common network interface names on most systems are eth0 and wlan0:

    • tcpdump -i eth0
    • tcpdump -i wlan0

If you want to capture data on all interfaces, you can use either option:

Specifying a port/port range

If you only want to capture data that uses a specific port number, use the command:

    • tcpdump -i [interface] port [port number]

For example, to capture traffic on interface eth0 for port 443 (HTTPS), use eth0 as the interface and 443 as the port number.

Additionally, tcpdump allows you to specify a range of ports:

    • tcpdump -i [interface] portrange [port range]

Specifying a host or subnet

There will be times when you want to limit captured packets to only those sent to or received from a specific host or subnet. Fortunately, tcpdump allows you to do so. You can specify a host using the following format:

    • tcpdump -i [interface] host [host]

As an example, capture traffic on interface eth0 and specify the host as 127.0.0.1 (your own loopback IP address):

    • tcpdump -i eth0 host 127.0.0.1

If you want to specify a network subnet using CIDR notation, you can use the following format:

    • tcpdump -i [interface] net [subnet]

You can also directly specify a source host:

    • tcpdump -i [interface] src [host]

And a destination host:

    • tcpdump -i [interface] dst [host]

Verbosity specification

tcpdump allows you to specify the verbosity of the packet capture. This is very useful when you don’t want to be overwhelmed by the amount of information during a capture. There are three incremental options for verbosity, the -v, -vv, and -vvv flags:

    • tcpdump -i [interface] -v
    • tcpdump -i [interface] -vv
    • tcpdump -i [interface] -vvv

The first option specifies the least amount of verbosity, while the third option specifies the most.

Save the capture to a file

It is often useful to save the captured data to a file, so that it can be further analyzed and interpreted. This is done using the -w flag:

    • tcpdump -i [interface] -w [filename]

As an example, you can save the captured data to a file called “capture.txt”:

    • tcpdump -i eth0 -w capture.txt
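
Putting the sections above together, as an added example that is not part of the original tutorial: a POSIX shell helper that validates the interface, packet count, output file and filter primitives (host, src, dst, net, port, portrange) and prints the resulting tcpdump command. It goes slightly beyond the text by joining several primitives with "and"; the function names and the 192.0.2.10 sample address are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; helper names are hypothetical. Addresses are documentation-range samples.

# valid_port: succeeds when $1 is an integer from 1 to 65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_filter KEY VALUE [KEY VALUE ...]
# KEY: host, src, dst, net, port or portrange. Prints the primitives joined
# with "and"; returns non-zero on an unknown key or a malformed value.
build_filter() {
    filter=""
    while [ "$#" -ge 2 ]; do
        key=$1 val=$2; shift 2
        case "$key" in
            host|src|dst|net)
                # Numeric addresses/CIDR only, so no other filter syntax slips in.
                case "$val" in ''|*[!0-9A-Fa-f.:/]*) return 1 ;; esac ;;
            port)
                valid_port "$val" || return 1 ;;
            portrange)
                case "$val" in *-*) ;; *) return 1 ;; esac
                lo=${val%%-*} hi=${val#*-}
                valid_port "$lo" && valid_port "$hi" && [ "$lo" -le "$hi" ] || return 1 ;;
            *) return 1 ;;
        esac
        filter="${filter:+$filter and }$key $val"
    done
    [ "$#" -eq 0 ] || return 1    # a key was given without a value
    printf '%s\n' "$filter"
}

# build_capture_cmd IFACE COUNT OUTFILE [KEY VALUE ...]
# -n: no name resolution, -c: stop after COUNT packets, -w: write raw packets.
build_capture_cmd() {
    [ "$#" -ge 3 ] || return 1
    iface=$1 count=$2 out=$3; shift 3
    case "$iface" in ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    case "$count" in ''|*[!0-9]*) return 1 ;; esac
    case "$out" in ''|-*|*[!A-Za-z0-9_./-]*) return 1 ;; esac
    f=$(build_filter "$@") || return 1
    if [ -n "$f" ]; then f=" '$f'"; fi
    printf 'tcpdump -n -i %s -c %s -w %s%s\n' "$iface" "$count" "$out" "$f"
}

# Prints: tcpdump -n -i eth0 -c 100 -w capture.pcap 'src 192.0.2.10 and portrange 8000-8080'
build_capture_cmd eth0 100 capture.pcap src 192.0.2.10 portrange 8000-8080
```

The command is printed rather than executed, since capturing normally requires root privileges. The file written by -w holds raw packets in binary pcap format, which tcpdump reads back with the -r flag.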


Editorial Staff
The Bollyinside editorial staff is made up of tech experts with more than 10 years of experience, led by Sumit Chauhan. We started in 2014 and now Bollyinside is a leading tech resource, offering everything from product reviews and tech guides to marketing tips. Think of us as your go-to tech encyclopedia!

