The tcpdump command is a powerful network packet capture tool available in most Unix-like operating systems. It allows you to capture and analyze network traffic on a specific network interface. Here's a basic usage example:
tcpdump [options] [expression]
To use tcpdump, you typically need root or superuser privileges. Here are a few common options and examples:
sudo tcpdump -i eth0
Replace eth0 with the name of the network interface you want to capture packets from.
sudo tcpdump port 80
This captures packets with a destination or source port number of 80 (HTTP).
sudo tcpdump host 192.168.0.1
This captures packets with a source or destination IP address of 192.168.0.1.
sudo tcpdump icmp
This captures ICMP (ping) packets.
sudo tcpdump -w capture.pcap
This captures packets and saves them to a file named capture.pcap.
These are just a few examples of how you can use the tcpdump command. There are many more options and filters available to customize your packet capture. You can refer to the tcpdump manual (man tcpdump) for more details on the available options and expressions.