tcpdump Command Packet Capture Usage

So, it’s been a little while since my last update. We’ve been quite busy recently, but for those interested in learning more about tcpdump and physically capturing packets, here is a quick reference of the commands I use most.

List the interfaces that tcpdump can capture on

tcpdump -D

Listen on Interface eth0

tcpdump -i eth0

Listen on the virtual interface of XenServer domain 16 (vif16.0) on the public network

tcpdump -i vif16.0

Listen on any interface

tcpdump -i any

Super-duper high verbosity tcpdump (-vvv is the highest level the man page documents)

tcpdump -vvvv -i eth0

Be verbose and print data of each packet in both hex and ASCII

tcpdump -v -X -i eth0

Be less verbose (-q gives quick/quiet output with less protocol information per line)

tcpdump -q

Limit the capture to 100 packets (tcpdump exits once the -c count is reached)

tcpdump -c 100 -i eth0

Display IP addresses and port numbers instead of host and service names when capturing packets, i.e. skip the DNS lookups (note: on some systems you need to specify -nn to keep port numbers numeric as well):

tcpdump -n

Capture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n dst host 192.168.1.1

Capture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:

tcpdump -n src host 192.168.1.1
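Putting the pieces above together, here is an added example script (not from the original post) that builds a host/port BPF filter from arguments, composes a capture that uses -n, -c and -i as shown above, writes the raw packets to a pcap file with -w, and reads the file back with -r. The interface name eth0, the output path and the packet count are assumptions; -w, -r and -s are standard tcpdump flags that the post itself does not cover.

```shell
#!/bin/sh
# Added example, not part of the original post. Assumes an interface named
# eth0 exists and that the script runs with enough privilege (root or
# CAP_NET_RAW) to open it. All flags used are standard tcpdump flags.

# Build a BPF filter expression matching one host, optionally on one port.
# Usage: build_filter <src|dst|any> <ip> [port]
build_filter() {
    dir="$1"; ip="$2"; port="$3"
    case "$dir" in
        src) f="src host $ip" ;;
        dst) f="dst host $ip" ;;
        any) f="host $ip" ;;
        *) echo "build_filter: direction must be src, dst or any" >&2; return 1 ;;
    esac
    if [ -n "$port" ]; then
        f="$f and port $port"
    fi
    printf '%s\n' "$f"
}

# Compose the full capture command line:
#   -n   no name lookups (IPs and ports stay numeric)
#   -c   stop after this many packets
#   -s 0 capture whole packets rather than a truncated snapshot
#   -w   write raw pcap to a file instead of printing decoded text
# Usage: build_capture_cmd <iface> <count> <outfile> <filter-expression>
build_capture_cmd() {
    printf 'tcpdump -n -i %s -c %s -s 0 -w %s %s\n' "$1" "$2" "$3" "$4"
}

# Run the capture if tcpdump is installed; otherwise only show the command.
run_capture() {
    iface="$1"; count="$2"; out="$3"; filter="$4"
    cmd=$(build_capture_cmd "$iface" "$count" "$out" "$filter")
    if command -v tcpdump >/dev/null 2>&1; then
        echo "running: $cmd"
        # shellcheck disable=SC2086  # the filter must be split into its tokens
        tcpdump -n -i "$iface" -c "$count" -s 0 -w "$out" $filter
        # Read the saved file back; -n keeps addresses and ports numeric.
        tcpdump -n -r "$out"
    else
        echo "tcpdump not installed; would run: $cmd"
    fi
}

# Example run: 50 packets destined for 192.168.1.1 on port 443, seen on eth0,
# saved to /tmp/dst-192.168.1.1.pcap (constructed sample values). The guard
# keeps the script from capturing unless explicitly asked to.
if [ "${RUN_TCPDUMP_EXAMPLE:-0}" = "1" ]; then
    run_capture eth0 50 /tmp/dst-192.168.1.1.pcap "$(build_filter dst 192.168.1.1 443)"
fi
```

Run it with RUN_TCPDUMP_EXAMPLE=1 to actually capture. Writing with -w and reading with -r separates collection from analysis, so the decoded view can be regenerated later with different verbosity (-v, -X) without touching the interface again.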

http://www.rationallyparanoid.com/articles/tcpdump.html