tcpdump is a command-line packet analyzer built on libpcap. Available on most Unix-like systems, it captures, filters and decodes network packets, which makes it a standard tool for network troubleshooting and security analysis.
Key Features
- Packet Capture: Capture live traffic from a network interface (requires root or CAP_NET_RAW)
- Filtering: Berkeley Packet Filter (BPF) expressions such as host, net, port, tcp and udp, combined with and, or and not
- Protocol Decode: Decode headers for common link, network and transport protocols (Ethernet, ARP, IP, ICMP, TCP, UDP, DNS and others)
- File Output: Save raw packets in pcap format with -w for later analysis in tcpdump or Wireshark
- Timestamp Options: -t suppresses timestamps, -tt prints seconds since the epoch, -ttt prints the delta from the previous packet, -tttt prints date and time
Installation
Install tcpdump on Ubuntu:
sudo apt update
sudo apt install tcpdump
Usage Examples
Common tcpdump commands. Capturing needs root (or CAP_NET_RAW); reading a saved file does not. Adding -nn to any of these disables hostname and port-name resolution, which is faster and avoids the capture host sending a reverse-DNS query for every address it sees. When capturing over SSH, append 'not port 22' so the session's own traffic does not flood the output.
# Capture on a specific interface (tcpdump picks one itself if -i is omitted)
sudo tcpdump -i eth0
# Filter by host (matches the address as either source or destination)
sudo tcpdump host 192.168.1.100
# Filter by port (matches either the source or the destination port)
sudo tcpdump port 443
# Print payloads in ASCII; HTTP is cleartext, so credentials, cookies and tokens will appear on screen
sudo tcpdump -A port 80
# Save raw packets to a pcap file (nothing is decoded on screen while -w is active)
sudo tcpdump -w capture.pcap
# Read and decode a saved capture; a filter expression can be appended exactly as for live capture
tcpdump -r capture.pcap
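To show what -w writes and what -r reads back, here is an added Python example (not from this page or the tcpdump project) that builds a small libpcap file from constructed Ethernet/IPv4/TCP frames, reads it back and applies the equivalent of the filter 'host 192.168.1.100 and port 443', printing tcpdump-style one-liners. The function names, addresses and ports are illustrative assumptions. The reader validates the magic number, link type and record lengths, which is how a capture truncated mid-write (tcpdump killed before it flushed) is detected instead of silently misparsed.

```python
"""Write and read a pcap file the way `tcpdump -w` / `tcpdump -r` do (added example)."""
import os
import socket
import struct
import tempfile

PCAP_MAGIC_US = 0xA1B2C3D4   # microsecond timestamps: what tcpdump -w writes by default
PCAP_MAGIC_NS = 0xA1B23C4D   # nanosecond timestamps (--time-stamp-precision=nano)
LINKTYPE_ETHERNET = 1
# tcpdump prints TCP flags in this order; "." stands for ACK
TCP_FLAG_CHARS = ((0x01, "F"), (0x02, "S"), (0x04, "R"), (0x08, "P"), (0x10, "."))


def build_frame(src_ip, dst_ip, sport, dport, flags, payload=b""):
    """Constructed Ethernet/IPv4/TCP frame for testing; checksums are left at zero."""
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth + ip + tcp


def write_pcap(path, frames, snaplen=262144, base_ts=1700000000):
    """Write frames in libpcap format: 24-byte global header, then 16-byte record headers."""
    with open(path, "wb") as f:
        # magic, version 2.4, thiszone, sigfigs, snaplen, linktype (little-endian here)
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC_US, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            captured = frame[:snaplen]            # -s snaplen limits what is stored per packet
            f.write(struct.pack("<IIII", base_ts + i, 0, len(captured), len(frame)))
            f.write(captured)


def read_pcap(path):
    """Yield (timestamp, original_length, frame_bytes) per record, as tcpdump -r would see them."""
    with open(path, "rb") as f:
        hdr = f.read(24)
        if len(hdr) < 24:
            raise ValueError("not a pcap file: short global header")
        for endian in ("<", ">"):                 # files are written in the capturing host's byte order
            magic = struct.unpack(endian + "I", hdr[:4])[0]
            if magic in (PCAP_MAGIC_US, PCAP_MAGIC_NS):
                break
        else:
            raise ValueError("not a pcap file: bad magic %r" % hdr[:4])
        divisor = 1e6 if magic == PCAP_MAGIC_US else 1e9
        _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", hdr[4:])
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError("unsupported link type %d (only Ethernet is decoded here)" % linktype)
        while True:
            rec = f.read(16)
            if not rec:
                break
            if len(rec) < 16:
                raise ValueError("truncated record header (capture cut off mid-write?)")
            sec, frac, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
            if incl_len > snaplen:
                raise ValueError("record length %d exceeds snaplen %d: corrupt file" % (incl_len, snaplen))
            data = f.read(incl_len)
            if len(data) < incl_len:
                raise ValueError("truncated packet data (capture cut off mid-write?)")
            yield sec + frac / divisor, orig_len, data


def decode_tcp(frame):
    """Return (src, sport, dst, dport, flag_string) for an IPv4/TCP frame, or None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # not IPv4 over Ethernet
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6:                                     # IP protocol 6 is TCP
        return None
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp = frame[14 + ihl:]
    if len(tcp) < 14:                                      # snaplen cut the TCP header short
        return None
    sport, dport = struct.unpack("!HH", tcp[:4])
    flags = "".join(c for bit, c in TCP_FLAG_CHARS if tcp[13] & bit)
    return src, sport, dst, dport, flags


def filter_host_port(path, host, port):
    """Offline equivalent of `tcpdump -nn -r PATH host HOST and port PORT` (either direction)."""
    lines = []
    for ts, _orig_len, frame in read_pcap(path):
        decoded = decode_tcp(frame)
        if decoded is None:
            continue
        src, sport, dst, dport, flags = decoded
        if host in (src, dst) and port in (sport, dport):
            lines.append("%.6f IP %s.%d > %s.%d: Flags [%s]" % (ts, src, sport, dst, dport, flags))
    return lines


def write_sample_capture(path=None):
    """Write four constructed frames: a TLS handshake pair, an HTTP SYN, and an unrelated host."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "capture.pcap")
    frames = [
        build_frame("192.168.1.100", "10.0.0.5", 51234, 443, 0x02),   # SYN to 443
        build_frame("10.0.0.5", "192.168.1.100", 443, 51234, 0x12),   # SYN-ACK back
        build_frame("192.168.1.100", "10.0.0.5", 51235, 80, 0x02),    # right host, wrong port
        build_frame("172.16.0.9", "10.0.0.5", 40000, 443, 0x02),      # right port, wrong host
    ]
    write_pcap(path, frames)
    return path


if __name__ == "__main__":
    for line in filter_host_port(write_sample_capture(), "192.168.1.100", 443):
        print(line)
```

Run it as a script and then point the real tool at the file it produced (tcpdump -nn -r /path/to/capture.pcap 'host 192.168.1.100 and port 443') to compare: the two matching lines should correspond, and the two non-matching frames stay out in both. The explicit length checks matter in practice because a capture interrupted with a signal can leave a half-written last record that tcpdump reports as truncated.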
Benefits
tcpdump shows what is actually on the wire from the command line, with no GUI and no extra packages, so it works on servers, containers and appliances where nothing else can be installed. Captures saved with -w are standard pcap files that Wireshark and other tools read directly. Two cautions: it runs with raw-socket privileges (use -Z user to drop them once the interface is open), and a capture contains everything it saw, including cleartext credentials, so treat pcap files as sensitive data.