tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
10 tcpdump commands
To list the interfaces of the host that are up and available for capture:
To capture packets from a particular interface:
tcpdump -i wlan0 // -i stands for interface and wlan0 is the interface to capture on
Show IP addresses instead of resolving them to domain names:
tcpdump -n -i wlan0 // -n disables name resolution, so addresses are printed numerically
To capture a given number of packets and then stop:
tcpdump -c 10 -i wlan0 // -c stands for count; with 10 as its argument, the capture stops after 10 packets
Print the full timestamp of each packet:
tcpdump -tttt -i wlan0 // this command prints the full timestamp, including the date
Filter the packets based on IP address:
tcpdump -i wlan0 dst host (destination ip address) // shows packets sent to the specified ip (destination address matches)
tcpdump -i wlan0 src host (source ip address) // shows packets coming from the specified ip (source address matches)
Filter the packets based on port number:
tcpdump -i any port 80 // any refers to every interface of the host; only packets with source or destination port 80 are shown
Combining two filters:
tcpdump -i any host (ip address) and port (port no.) // shows only packets that match both the specified ip address and the specified port number
To save the captured packets to a file:
tcpdump -w abc.pcap -i any // -w stands for write and abc.pcap is the output file, using the pcap extension
tcpdump -r abc.pcap // to read the saved file
Print the full packet contents, in ASCII or in hexadecimal:
tcpdump -A -i any // print each packet in ASCII
tcpdump -X -i any // print each packet in hexadecimal and ASCII side by side
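The text lines that "tcpdump -n -tttt -i wlan0" prints (full timestamp, numeric addresses, "src.port > dst.port") are easy to post-process. The script below is an added example, not part of the original page or of tcpdump itself: it parses such lines into fields, counts packets per flow, and counts bare SYNs per destination port, which is a quick way to spot which services a host was reaching out to in a saved trace. The sample lines are constructed, not a real capture.

```python
import re
from collections import Counter

# One line of "tcpdump -n -tttt" output for TCP/UDP over IPv4:
#   2024-03-05 14:22:01.000123 IP 192.168.1.10.51234 > 93.184.216.34.80: Flags [S], ...
# Requiring four octets before the port keeps ICMP lines (no port) from matching.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

def parse_line(line):
    """Return the fields of one capture line, or None for lines that are not
    TCP/UDP-over-IPv4 in the -n -tttt format (ARP, ICMP, truncated lines)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"] = int(pkt["sport"])
    pkt["dport"] = int(pkt["dport"])
    # "Flags [S]" (SYN without ACK) marks a new connection attempt from src.
    pkt["syn"] = "Flags [S]" in pkt["rest"]
    return pkt

def summarize(lines):
    """Count packets per (src, dst, dport) flow and new-connection SYNs per dport."""
    flows = Counter()
    syn_per_port = Counter()
    for line in lines:
        pkt = parse_line(line)
        if pkt is None:
            continue
        flows[(pkt["src"], pkt["dst"], pkt["dport"])] += 1
        if pkt["syn"]:
            syn_per_port[pkt["dport"]] += 1
    return flows, syn_per_port

# Constructed sample of what "tcpdump -n -tttt -i wlan0" prints (not a real capture).
SAMPLE = """\
2024-03-05 14:22:01.000123 IP 192.168.1.10.51234 > 93.184.216.34.80: Flags [S], seq 1, win 64240, length 0
2024-03-05 14:22:01.020456 IP 93.184.216.34.80 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
2024-03-05 14:22:01.020789 IP 192.168.1.10.51234 > 93.184.216.34.80: Flags [.], ack 1, win 502, length 0
2024-03-05 14:22:02.100000 IP 192.168.1.10.51235 > 93.184.216.34.443: Flags [S], seq 9, win 64240, length 0
2024-03-05 14:22:02.500000 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 7, seq 1, length 64
2024-03-05 14:22:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
"""

if __name__ == "__main__":
    flows, syns = summarize(SAMPLE.splitlines())
    for (src, dst, dport), n in flows.most_common():
        print(f"{src} -> {dst}:{dport}  packets={n}")
    print("new connection attempts per destination port:", dict(syns))
```

To run it on a real trace, replay a saved file with "tcpdump -n -tttt -r abc.pcap" and feed its output lines to summarize().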