Tcpdump is a command-line packet capture tool for Linux. This is by no means a full guide, just a quick overview of some of the main commands.
The command below captures all traffic involving the host 172.16.1.1 and an IP in the 172.16.1.0/24 network on UDP port 53 (DNS), and writes it to a capture file for viewing in Wireshark, with double verbosity (-vv).
tcpdump -vvi eth2 -s 1500 -w test.cap host 172.16.1.1 and net 172.16.1.0/24 and udp port 53
This will read the capture file test.cap back:
tcpdump -r test.cap
To view the payload of the packets, add one of the following options:
- -X – Displays the packet in both ASCII and hex.
- -A – Displays just the payload in ASCII.
Tcpdump for Windows can be downloaded here.