fir3net
PPS-Firenetbanner-780.5x190-30-03-17

UNIX - Tcpdump

Tcpdump is a packet capture for the Linux command line. This is by no means a full guide but a quick overview of some of the main commands.

The syntax below will capture all traffic with IP address of 172.16.1.1 and and IP in the network 172.16.1.0/24 with a port of udp/53. This will write it to a capture file for viewing in wireshark, with double verbosity.

tcpdump -vvi eth2 -s 1500 -w test.cap host 172.16.1.1 and net 172.16.1.0/24 and udp port 53

This will read the capture test.cap

tcpdump -r test.cap

To view the payload of the packet use the following commands :

  • -X - Displays the in but ASCII and HEX.
  • -A - Displays just the payload in ASCII

Tcpdump for windows can be downloaded here

Tags: TCP, Tcpdump

About the Author

RDonato

R Donato

Rick Donato is the Founder and Chief Editor of Fir3net.com. He currently works as a Principal Network Security Engineer and has a keen interest in automation and the cloud.

You can find Rick on Twitter @f3lix001