TCPDUMP examples

Tcpdump is a command-line packet capture tool; Wireshark covers the same ground with a GUI, and both read and write the same pcap files.

1. Capture all traffic on the eth0 interface (needs root or CAP_NET_RAW): $tcpdump -i eth0

2. Filter by host IP address, in either direction: $tcpdump host 10.0.2.15

3. Filter traffic by source or by destination IP address:

            $tcpdump src 10.0.2.15

            $tcpdump dst 10.0.2.15

4. Read a pcap file instead of a live interface: $tcpdump -r <file.pcap>

5. Write the capture to a pcap file (raw packets are saved instead of being decoded on screen; read them back later with -r): $tcpdump -w capture.cap

6. Combine primitives with and / not, for example packets from 10.0.2.15 that are not ICMP: $tcpdump src 10.0.2.15 and not icmp (a bare "src net" is a syntax error; it needs a network argument, for example src net 10.0.2.0/24)

Advanced options:

We can also filter traffic based on TCP flags, for example to see only SYN packets (the opening packet of each handshake, without the SYN/ACK replies).
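The tcpdump expression for that is tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn (SYN set, ACK clear). As an added example, not code from the original page, the following reimplements that filter in pure Python over a classic pcap file, so the byte offsets the expression tests are visible; it also writes and reads the pcap format that -w and -r use in items 4 and 5 above. The capture is constructed inline, not real traffic: a handshake between 10.0.2.15 (the page's example host) and an assumed peer 10.0.2.2, plus a second SYN.

```python
"""Added example, not code from the original page: tcpdump's SYN-only filter
    tcpdump -r capture.cap 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'
reimplemented in pure Python over a classic pcap file. The capture is
constructed inline (no real traffic; 10.0.2.2 is an assumed peer)."""
import os
import struct
import tempfile

# TCP flag bits (RFC 793); tcpdump names them tcp-fin, tcp-syn, tcp-rst, tcp-psh, tcp-ack.
TCP_FIN, TCP_SYN, TCP_RST, TCP_PSH, TCP_ACK = 0x01, 0x02, 0x04, 0x08, 0x10


def ip4(addr):
    """Dotted-quad string to 4 network-order bytes."""
    return bytes(int(o) for o in addr.split("."))


def build_frame(src, dst, sport, dport, flags):
    """Constructed Ethernet/IPv4/TCP frame with no options; checksums are left
    zero because this is test data, not a packet meant for the wire."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ip4(src), ip4(dst))
    eth = b"\x00" * 12 + b"\x08\x00"          # zero MACs, EtherType IPv4
    return eth + ip + tcp


def write_pcap(path, frames):
    """Classic pcap (what `tcpdump -w` writes): 24-byte global header, then a
    16-byte record header (ts_sec, ts_usec, caplen, len) before each frame.
    Little-endian here; the magic number lets a reader detect the byte order."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))  # linktype 1 = Ethernet
        for i, frame in enumerate(frames):
            f.write(struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield each captured frame (what `tcpdump -r` iterates over)."""
    with open(path, "rb") as f:
        magic = f.read(4)
        if magic == b"\xd4\xc3\xb2\xa1":
            order = "<"
        elif magic == b"\xa1\xb2\xc3\xd4":
            order = ">"
        else:
            raise ValueError("not a classic pcap file (pcapng / nanosecond pcap not handled here)")
        f.read(20)                              # rest of the global header
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                return
            _sec, _usec, caplen, _wirelen = struct.unpack(order + "IIII", rec)
            yield f.read(caplen)


def tcp_flags(frame):
    """The byte tcpdump calls tcp[13] / tcp[tcpflags], or None if the frame is
    not IPv4/TCP: 14 bytes Ethernet, IHL*4 bytes IP header, then TCP offset 13."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 6 or len(frame) < 14 + ihl + 14:   # frame[23] is the IP protocol field
        return None
    return frame[14 + ihl + 13]


def is_syn_only(frame):
    """`tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn`: SYN set and ACK clear,
    i.e. the opening packet of a handshake, not the SYN/ACK reply."""
    flags = tcp_flags(frame)
    return flags is not None and flags & (TCP_SYN | TCP_ACK) == TCP_SYN


def summarize(frame):
    """(src, dst, dport) for an IPv4/TCP frame, like tcpdump's one-line output."""
    ihl = (frame[14] & 0x0F) * 4
    src = ".".join(str(b) for b in frame[26:30])
    dst = ".".join(str(b) for b in frame[30:34])
    dport = struct.unpack("!H", frame[14 + ihl + 2:14 + ihl + 4])[0]
    return src, dst, dport


def demo():
    """Write the constructed capture, read it back, apply the SYN-only filter."""
    frames = [
        build_frame("10.0.2.15", "10.0.2.2", 40000, 80, TCP_SYN),            # client SYN
        build_frame("10.0.2.2", "10.0.2.15", 80, 40000, TCP_SYN | TCP_ACK),  # server SYN/ACK
        build_frame("10.0.2.15", "10.0.2.2", 40000, 80, TCP_ACK),            # client ACK
        build_frame("10.0.2.15", "10.0.2.2", 40001, 443, TCP_SYN),           # second connection
    ]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        return [summarize(fr) for fr in read_pcap(path) if is_syn_only(fr)]
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for src, dst, dport in demo():
        print(f"SYN {src} -> {dst}:{dport}")
```

Only the two client SYNs survive the filter; the SYN/ACK is dropped because ACK is set, which is exactly why the expression masks both bits rather than testing tcp-syn alone. On a real capture the same check is one tcpdump invocation: tcpdump -r capture.cap 'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'.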

To check the complete list, follow: https://danielmiessler.com/study/tcpdump/
