Listen to this Post
2025-02-16
tcpdump is a powerful command-line packet analyzer tool used for network troubleshooting, analysis, and security auditing. It allows you to capture and display TCP/IP and other packets being transmitted or received over a network. Below is a cheat sheet with practical commands and examples to help you master tcpdump.
Basic Commands
1. Capture packets on a specific interface:
tcpdump -i eth0
2. Capture a specific number of packets:
tcpdump -c 10 -i eth0
3. Capture packets and save to a file:
tcpdump -w output.pcap -i eth0
4. Read packets from a saved file:
tcpdump -r output.pcap
5. Capture packets from a specific IP address:
tcpdump -i eth0 host 192.168.1.1
- Capture packets to or from a specific port:
tcpdump -i eth0 port 80
7. Capture packets from a specific protocol:
tcpdump -i eth0 tcp
8. Capture packets with verbose output:
tcpdump -v -i eth0
9. Capture packets with detailed output:
tcpdump -vv -i eth0
10. Capture packets and display in ASCII:
tcpdump -A -i eth0
Advanced Commands
1. Capture packets with a specific size:
tcpdump -i eth0 greater 1000
2. Capture packets during a specific time frame:
timeout 30 tcpdump -i eth0
3. Capture packets and exclude a specific IP:
tcpdump -i eth0 not host 192.168.1.1
4. Capture packets with a specific MAC address:
tcpdump -i eth0 ether host 00:0c:29:ab:cd:ef
5. Capture packets with a specific subnet:
tcpdump -i eth0 net 192.168.1.0/24
6. Capture packets and display in HEX:
tcpdump -XX -i eth0
7. Capture packets and filter by source IP:
tcpdump -i eth0 src 192.168.1.1
8. Capture packets and filter by destination IP:
tcpdump -i eth0 dst 192.168.1.1
9. Capture packets and filter by port range:
tcpdump -i eth0 portrange 21-25
10. Capture packets and filter by TCP flags:
tcpdump 'tcp[tcpflags] & (tcp-syn|tcp-ack) != 0' -i eth0
What Undercode Say
tcpdump is an indispensable tool for network administrators, ethical hackers, and cybersecurity professionals. Its versatility in capturing and analyzing network traffic makes it a go-to solution for diagnosing network issues, detecting anomalies, and ensuring network security. By mastering the commands above, you can efficiently monitor and troubleshoot network activity.
For further reading, consider exploring Wireshark (https://www.wireshark.org/) for a GUI-based packet analysis experience. Additionally, combining tcpdump with tools like grep and awk can enhance your data filtering capabilities.
Remember to always use tcpdump responsibly and ensure you have proper authorization before capturing network traffic. Happy packet sniffing!
Useful Resources
References:
Hackers Feeds, Undercode AI


