Linux tcpdump command<\/h2>\n
The tcpdump command in Linux lets you dump traffic on a network. Following is its syntax in short:<\/p>\n
tcpdump [OPTIONS]<\/p>\n
Here’s the detailed syntax:<\/p>\n
tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ] And here’s how the tool’s man page explains it:<\/p>\n It can\u00a0 also\u00a0 be\u00a0 run with the -w flag, which causes it to save the packet data to a file for In all cases, only packets that match expression will be processed by tcpdump.<\/p><\/pre>\n Following are some Q&A styled examples that should give you a better idea on how the tcpdump command works.<\/p>\n Before using tcpdump to sniff data packets, you should ideally know which network interface you want the tool to work on. For a list of network interfaces available on the system, use the -D command line option with tcpdump.<\/p>\n tcpdump -D<\/p>\n Here’s how the man page explains this option:<\/p>\n This can be useful on systems that don't have a command to list them (e.g., Windows systems, or The\u00a0 -D\u00a0 flag\u00a0 will not be supported if tcpdump was built with an older version of libpcap that For example, in my case, the following output was produced:<\/p>\n Now that you have a list of interfaces, you can choose one, and pass its name as input to the -i command line option of tcpdump. For example:<\/p>\n tcpdump -i wlx18a6f713679b<\/p>\n Following is a part of output produced by this command in my case:<\/p>\n This can be achieved using the -c command line option. For example, if you want tcpdump to only display information related to 10 packets, then you can do that in the following way:<\/p>\n tcpdump -c 10<\/p>\n For example, in my case, I executed the following command:<\/p>\n tcpdump -c 10 -i wlx18a6f713679b<\/p>\n Following is the output that was produced:<\/p>\n So you can see 10 packets were captured.<\/p>\n This can be done using the -e command line option. For example:<\/p>\n tcpdump -e -i wlx18a6f713679b<\/p>\n And here’s the output produced:<\/p>\n So you can see that link level headers were produced in the output.<\/p>\n This can be achieved using the -f command line option.<\/p>\n tcpdump -f -i [INTERFACE]<\/p>\n Making tcpdump display `foreign’\u00a0 IPv4\u00a0 addresses\u00a0 numerically rather than symbolically has its advantages in certain situations. One such example is mentioned in the tool’s man page:<\/p>\n To make tcpdump produce packet numbers in output, use the –number<\/strong> command line option.<\/p>\n For example, I executed the following command:<\/p>\n tcpdump –number -i wlx18a6f713679b<\/p>\n And here’s part of the output that was produced:<\/p>\n So you can see each line now begins with a number.<\/p>\n This can be done using the -q command line option. Here’s how the tool’s man page explains it:<\/p>\n Following is an example of this option:<\/p>\n So you can see less information was produced in output this time.<\/p>\n Use the -t command line option for this. Here’s an example command:<\/p>\n tcpdump -t -i wlx18a6f713679b<\/p>\n And following is its output:<\/p>\n So you can see timestamp information (which is generally in the beginning of each line) isn’t present in output now.<\/p>\n You can use the -v command line option in this case. Following is how the tool’s man page explains this option:<\/p>\n tcpdump -v -i [INTERFACE]<\/p>\n When writing to a file with the -w option, report, every 10 seconds, the number of packets captured<\/p><\/pre>\n We’ve just scratched the surface here as the tcpdump command offers a lot of command line options. Once you are done practicing these, you can head to the tool’s\u00a0man page<\/a> to learn more about it.<\/p>\n About Himanshu Arora<\/strong><\/p>\n Himanshu Arora has been working on Linux since 2007. He carries professional experience in system level programming, networking protocols, and command line. In addition to HowtoForge, Himanshu’s work has also been featured in some of world’s other leading publications including Computerworld, IBM DeveloperWorks, and Linux Journal.<\/p>\n<\/div>\n Share this page:<\/b><\/p>\n \n Everytime you open a webpage on your computer, data packets are sent and received on your network interface. Sometimes, analyzing these packets becomes important for many reasons. Thankfully, Linux offers a command line utility that dumps information related to these data packets in output. In this article, we will discuss the basics of the tool […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[36],"tags":[],"class_list":["post-7084","post","type-post","status-publish","format-standard","hentry","category-36"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/7084","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=7084"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/7084\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=7084"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=7084"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=7084"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -c count ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -C file_size ] [ -G rotate_seconds ] [ -F file ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -i interface ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ –number ] [ -Q in|out|inout ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -r file ] [ -V file ] [ -s snaplen ] [ -T type ] [ -w file ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -W filecount ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -E [email\u00a0protected]<\/a> algo:secret,…\u00a0 ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ –time-stamp-precision=tstamp_precision ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ –immediate-mode ] [ –version ]
\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 [ expression ]<\/p>\nTcpdump prints out a description of the contents of packets on a network interface that match the
Q1. How to use tcpdump?<\/h2>\n
Print the list of the network interfaces available on the system and on which tcpdump can capture
1.wlx18a6f713679b [Up, Running]
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
Q2. How to make tcpdump exit after receiving set number of packets?<\/h2>\n
![\"How](\"https:\/\/www.howtoforge.com\/images\/command-tutorial\/tcpdump-c-option.png\" "\\"\\"")
<\/a><\/p>\nQ3. How to make tcpdump display link-level header in output?<\/h2>\n
listening on wlx18a6f713679b, link-type EN10MB (Ethernet), capture size 262144 bytes
Q4. How to make tcpdump display\u00a0foreign IP addresses numerically?<\/h2>\n
this option is intended to get around serious brain damage in Sun's NIS server \u2014 usually it hangs
Q5. How to make tcpdump produce packet numbers in output?<\/h2>\n
listening on wlx18a6f713679b, link-type EN10MB (Ethernet), capture size 262144 bytes
Q6. How to make tcpdump print shorter output?<\/h2>\n
Quick (quiet?) output.\u00a0 Print less protocol information so output lines are shorter.<\/pre>\n
![\"How](\"https:\/\/www.howtoforge.com\/images\/command-tutorial\/tcpdump-q-option.png\" "\\"\\"")
<\/a><\/p>\nQ7. How to omit timestamp info from tcpdump output?<\/h2>\n
listening on wlx18a6f713679b, link-type EN10MB (Ethernet), capture size 262144 bytes
Q8. How to make tcpdump produce detailed output?<\/h2>\n
When parsing and printing, produce (slightly more) verbose output. For example, the time to live,
Conclusion<\/h2>\n
![\"Himanshu](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/10\/linux-tcpdump-command-tutorial-for-beginners-8-examples.jpg\" "\\"\\"")
<\/p>\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/10\/linux-tcpdump-command-tutorial-for-beginners-8-examples-2.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/10\/linux-tcpdump-command-tutorial-for-beginners-8-examples-4.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/10\/linux-tcpdump-command-tutorial-for-beginners-8-examples-6.png\" "\\"\\"")
<\/a>
\n![\"\"](\"https:\/\/afaghhosting.net\/blog\/wp-content\/uploads\/2018\/10\/linux-tcpdump-command-tutorial-for-beginners-8-examples-8.png\" "\\"\\"")
<\/a>\n<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"