Tcpdump

From Dave-Wiki
Revision as of 19:08, 21 January 2025 by Dave (talk | contribs) (→‎Common Tasks)

Summary

tcpdump is a command-line packet analyzer (or packet sniffer) that allows users to capture and inspect network traffic in real time. It is commonly used for network troubleshooting, debugging, and security analysis. tcpdump works by intercepting and displaying the packets being transmitted or received over a network interface, giving users detailed information about network activity.

General

Common Tasks

Arguments

-n
Don't resolve addresses to names (hosts, ports, protocols). This avoids the DNS lookups that slow down the capture and generate extra traffic from the capturing host.
-i {interface}
Specify the interface to capture on (tcpdump -D lists the available interfaces).
-w {file}
Write the raw packets to a file in pcap format instead of printing them, for later analysis with tcpdump -r or Wireshark.
-vv
Show verbose output on screen.
(when writing to a file with -w this also makes tcpdump report the running packet count to stderr, which is helpful to keep track of how many packets you've captured)
Ctrl+C
Stop the capture. tcpdump then prints how many packets were captured, received by the filter, and dropped by the kernel; a non-zero dropped count means the capture is incomplete.

Capture all traffic on an interface

sudo tcpdump -ni ens192 -w capture.pcap

Capture all traffic to or from a specific host

sudo tcpdump -ni ens192 host 10.0.0.1 -w capture.pcap
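The two commands above write raw packets into a pcap file and, in the second case, keep only frames whose source or destination is the given host. The following Python script is an added example, not part of the wiki page and not tcpdump's own code: it builds a small pcap capture in memory using the same file layout tcpdump -w produces (constructed sample frames, with made-up MAC addresses and no IP checksum), reads it back, and applies the same selection as the BPF expression host 10.0.0.1. Reading a capture this way is useful when checking, after the fact, what a -w file actually contains and whether the filter matched what was intended.

```python
"""Minimal libpcap-format reader with a tcpdump-style 'host X' filter.

Added example (not from the wiki page). The sample capture is constructed
inline so the script runs offline; real captures come from tcpdump -w.
"""
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4      # microsecond-resolution pcap magic number
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
ETH_HDR_LEN = 14
IPV4_HDR_LEN = 20


def ipv4_frame(src, dst, payload=b""):
    """Build an Ethernet II + IPv4 frame (constructed MACs, checksum left 0)."""
    eth = (b"\x02\x00\x00\x00\x00\x01"          # constructed destination MAC
           + b"\x02\x00\x00\x00\x00\x02"        # constructed source MAC
           + struct.pack("!H", ETHERTYPE_IPV4))
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, IPV4_HDR_LEN + len(payload),  # ver/ihl, tos, total length
                     0, 0, 64, 17, 0,                       # id, flags/frag, ttl, UDP, checksum
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def write_pcap(frames):
    """Serialise frames as a little-endian pcap file: global header + record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        # record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def read_pcap(data):
    """Yield each captured frame, detecting the file's byte order from the magic."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == 0xD4C3B2A1:        # same magic written big-endian
        end = ">"
    else:
        raise ValueError("not a pcap file (bad magic)")
    linktype = struct.unpack(end + "IHHiIII", data[:24])[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    off = 24
    while off + 16 <= len(data):
        incl_len = struct.unpack(end + "IIII", data[off:off + 16])[2]
        off += 16
        yield data[off:off + incl_len]
        off += incl_len


def host_filter(frame, host):
    """Equivalent of the BPF expression 'host <host>': IPv4 src or dst matches."""
    if len(frame) < ETH_HDR_LEN + IPV4_HDR_LEN:
        return False
    if frame[12:14] != struct.pack("!H", ETHERTYPE_IPV4):
        return False                 # not IPv4 (ARP, IPv6, ...): never matches here
    src = socket.inet_ntoa(frame[26:30])
    dst = socket.inet_ntoa(frame[30:34])
    return host in (src, dst)


def count_packets(pcap_bytes):
    """Total number of records in the capture."""
    return sum(1 for _ in read_pcap(pcap_bytes))


def count_host_packets(pcap_bytes, host):
    """Number of records that 'host <host>' would have selected."""
    return sum(1 for f in read_pcap(pcap_bytes) if host_filter(f, host))


# Constructed sample capture: two flows touching 10.0.0.1 and one that does not.
SAMPLE_CAPTURE = write_pcap([
    ipv4_frame("10.0.0.1", "10.0.0.50", b"a"),
    ipv4_frame("10.0.0.50", "10.0.0.1", b"b"),
    ipv4_frame("10.0.0.7", "10.0.0.50", b"c"),
])

if __name__ == "__main__":
    print("total frames:", count_packets(SAMPLE_CAPTURE))
    print("frames matching host 10.0.0.1:", count_host_packets(SAMPLE_CAPTURE, "10.0.0.1"))
```

The filter checks both the source and destination address, which is what distinguishes host from src host or dst host in tcpdump's filter syntax; non-IPv4 frames are rejected before any address is read so a short or unrelated frame cannot cause an out-of-range slice.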