A
cd ..
Network

Tcpdump Packet Capture

Capture and analyze network packets with tcpdump.

2025-09-23
tcpdump, networking, debugging

Capture on interface

sudo tcpdump -i eth0

Capture specific number of packets

sudo tcpdump -i eth0 -c 10

Capture and save to file

sudo tcpdump -i eth0 -w capture.pcap

Read from file

tcpdump -r capture.pcap

Capture specific port

sudo tcpdump -i eth0 port 80

Capture specific host

sudo tcpdump -i eth0 host 192.168.1.1

Capture HTTP traffic

sudo tcpdump -i eth0 'tcp port 80'

Capture HTTPS traffic

sudo tcpdump -i eth0 'tcp port 443'

Show packet contents (ASCII)

sudo tcpdump -i eth0 -A

Show packet contents (hex + ASCII)

sudo tcpdump -i eth0 -X

Don't resolve hostnames (faster)

sudo tcpdump -i eth0 -n

More verbose output

sudo tcpdump -i eth0 -v

Capture specific protocol

sudo tcpdump -i eth0 icmp

Capture traffic from source IP

sudo tcpdump -i eth0 src 192.168.1.100

Capture traffic to destination IP

sudo tcpdump -i eth0 dst 192.168.1.200

Capture specific network

sudo tcpdump -i eth0 net 192.168.1.0/24

Combine filters with AND

sudo tcpdump -i eth0 'host 192.168.1.1 and port 80'

Combine filters with OR

sudo tcpdump -i eth0 'port 80 or port 443'

Capture DNS queries

sudo tcpdump -i eth0 'udp port 53'

Capture SYN packets

sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'

Show timestamp

sudo tcpdump -i eth0 -tttt

Rotate capture files (100MB each)

sudo tcpdump -i eth0 -w capture.pcap -C 100

Capture all interfaces

sudo tcpdump -i any

Was this useful?

Share with your team

Browse More