Tcpdump is a command-line packet capture tool; Wireshark is its GUI counterpart.
1. Capture all traffic on an Ethernet interface: $ tcpdump -i eth0
2. Filter by host IP address (as source or destination): $ tcpdump host 10.0.2.15
3. Filter by source or by destination IP address:
$ tcpdump src 10.0.2.15
$ tcpdump dst 10.0.2.15
4. Read a pcap file: $ tcpdump -r <file.pcap>
5. Record the capture to a pcap file: $ tcpdump -w capture.cap
6. Filter by source host and source network, ignoring ICMP: $ tcpdump src 10.0.2.15 and src net <network/prefix> and not icmp (src net requires a network argument such as 10.0.2.0/24)
We can also filter on TCP flags, for example to see only SYN packets (new connection attempts).
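The flag and host filters above as BPF expressions, with a dry-compile check via tcpdump -d so the syntax can be verified without root or a live interface. This is an added example, not part of the original cheat sheet; the function names and the 24-byte pcap header it writes are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: compose tcpdump filter expressions and validate them offline.

# Only SYN packets (connection attempts): SYN bit set, ACK bit clear.
syn_only_filter() {
    printf '%s' 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
}

# Traffic sent by one host, with ICMP excluded. $1 = source IP address.
src_no_icmp_filter() {
    printf 'src host %s and not icmp' "$1"
}

# SYN-only packets from a host to a destination port, e.g. to watch
# connection attempts against one service. $1 = source IP, $2 = dst port.
syn_from_host_to_port() {
    printf 'src host %s and dst port %s and %s' "$1" "$2" "$(syn_only_filter)"
}

# Compile a filter without capturing. Exit status: 0 = compiles, 1 = rejected,
# 2 = tcpdump not installed. An empty pcap (24-byte global header: little-endian
# magic, version 2.4, snaplen 65535, link type 1 = Ethernet) is passed with -r,
# so -d only needs a temp file, not an interface or root.
check_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 2
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$tmp"
    if tcpdump -r "$tmp" -d "$1" >/dev/null 2>&1; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Usage: print the expressions, then validate one of them.
echo "SYN only:        $(syn_only_filter)"
echo "host, no ICMP:   $(src_no_icmp_filter 10.0.2.15)"
echo "SYN to port 22:  $(syn_from_host_to_port 10.0.2.15 22)"
rc=0; check_filter "$(syn_only_filter)" || rc=$?
echo "check_filter exit status: $rc (0 = compiles, 2 = tcpdump not installed)"
```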
For a more complete list of filters, see: https://danielmiessler.com/study/tcpdump/