Tcpdump: Difference between revisions
Revision as of 19:07, 21 January 2025
Summary
tcpdump is a command-line packet analyzer (or packet sniffer) that allows users to capture and inspect network traffic in real time. It is commonly used for network troubleshooting, debugging, and security analysis. tcpdump works by intercepting and displaying the packets being transmitted or received over a network interface, giving users detailed information about network activity.
General
Common Tasks
- -n: Don't resolve IP addresses to hostnames.
- -i {interface}: Specify an interface to capture on.
- -w {file}: Save the captured packets to a file.
- -vv: Show verbose output on screen (this is helpful to keep track of how many packets you've captured).
- Ctrl+C: Stop the capture.
Capture all traffic on an interface
sudo tcpdump -ni ens192 -w capture.pcap
Capture all traffic involving a specific host
sudo tcpdump -ni ens192 host 10.0.0.1 -w capture.pcap
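As an added example (not from the wiki page), a Python reader for the capture.pcap file that the -w commands above produce: it walks the classic pcap records and counts packets whose IPv4 source or destination is a given host, mirroring the `host 10.0.0.1` filter. It assumes the little-endian classic pcap format that tcpdump writes by default (not pcapng); the sample capture bytes, MACs and UDP headers are constructed placeholders.

```python
import struct

PCAP_MAGIC = 0xA1B2C3D4   # classic (non-pcapng) magic, host byte order, as tcpdump -w writes
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = b"\x08\x00"

def iter_frames(data: bytes):
    """Yield each captured frame from a little-endian classic pcap file (Ethernet only)."""
    magic, _vmaj, _vmin, _tz, _sig, _snap, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian classic pcap file with Ethernet frames")
    off = 24                                  # skip the 24-byte global header
    while off + 16 <= len(data):              # 16-byte per-packet record header
        incl_len = struct.unpack_from("<IIII", data, off)[2]
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:             # truncated last record (e.g. Ctrl+C mid-write)
            break
        yield frame
        off += 16 + incl_len

def ipv4_endpoints(frame: bytes):
    """Return (src, dst) dotted quads for an IPv4-over-Ethernet frame, else None."""
    if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4:
        return None
    ip = frame[14:]                           # 6+6+2 byte Ethernet header precedes IPv4
    return ".".join(map(str, ip[12:16])), ".".join(map(str, ip[16:20]))

def count_host_packets(data: bytes, host: str):
    """Return (total, matching); 'matching' mirrors tcpdump's 'host X' primitive."""
    total = matching = 0
    for frame in iter_frames(data):
        total += 1
        ends = ipv4_endpoints(frame)
        if ends is not None and host in ends:
            matching += 1
    return total, matching

# Constructed sample capture: three UDP packets with zeroed (placeholder) MACs and ports.
def _frame(src: str, dst: str) -> bytes:
    ip = bytes([0x45, 0, 0, 28, 0, 0, 0, 0, 64, 17, 0, 0])   # IHL=5, len=28, TTL=64, proto UDP
    ip += bytes(int(o) for o in src.split(".")) + bytes(int(o) for o in dst.split("."))
    return bytes(12) + ETHERTYPE_IPV4 + ip + bytes(8)        # Ethernet + IPv4 + empty UDP

SAMPLE_PCAP = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
for _ts, (_src, _dst) in enumerate([("10.0.0.1", "10.0.0.9"), ("10.0.0.9", "10.0.0.1"),
                                    ("10.0.0.5", "10.0.0.9")], start=1):
    _f = _frame(_src, _dst)
    SAMPLE_PCAP += struct.pack("<IIII", _ts, 0, len(_f), len(_f)) + _f
```

A truncated final record, as left behind when a capture is stopped mid-write, is detected and dropped rather than misparsed; replace SAMPLE_PCAP with the bytes of a real capture.pcap to run it on your own capture.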