tcpdump CLI
tcpdump commands for network packet capture and analysis.
Platforms: Windows, macOS, Linux
Basic Capture
Capture packets on interface eth0
tcpdump -i eth0
Capture packets on all interfaces
tcpdump -i any
Capture only 100 packets then stop
tcpdump -c 100
List available network interfaces
tcpdump -D
Capture with verbose output
tcpdump -i eth0 -v
Capture with maximum verbosity
tcpdump -i eth0 -vvv
Protocol Filtering
Capture only TCP packets
tcpdump -i eth0 tcp
Capture only UDP packets
tcpdump -i eth0 udp
Capture only ICMP packets
tcpdump -i eth0 icmp
Capture only ARP packets
tcpdump -i eth0 arp
Capture only IPv6 packets
tcpdump -i eth0 ip6
Host & Port Filtering
Capture traffic to/from specific host
tcpdump -i eth0 host 192.168.1.1
Capture traffic from source host
tcpdump -i eth0 src host 10.0.0.1
Capture traffic to destination host
tcpdump -i eth0 dst host 10.0.0.1
Capture traffic on port 80
tcpdump -i eth0 port 80
Capture traffic from source port 443
tcpdump -i eth0 src port 443
Capture traffic on port range
tcpdump -i eth0 portrange 8000-9000
Capture traffic for a subnet
tcpdump -i eth0 net 192.168.1.0/24
Output Options
Write captured packets to file
tcpdump -i eth0 -w capture.pcap
Read packets from a capture file
tcpdump -r capture.pcap
Rotate files at 100MB
tcpdump -i eth0 -w capture.pcap -C 100
Do not resolve hostnames
tcpdump -i eth0 -n
Do not resolve hostnames or port names
tcpdump -i eth0 -nn
Print human-readable timestamps
tcpdump -i eth0 -tttt
Advanced Filters
Capture TCP SYN packets
tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'
Capture TCP RST packets
tcpdump -i eth0 'tcp[tcpflags] & tcp-rst != 0'
Combine host and port filters
tcpdump -i eth0 host 10.0.0.1 and port 80
Exclude SSH traffic
tcpdump -i eth0 not port 22
Print packet payload as ASCII
tcpdump -i eth0 -A port 80
Print payload in hex and ASCII
tcpdump -i eth0 -X port 80
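What the flag filters in this section test, as an added example that is not part of the original page: tcpdump masks byte 13 of the TCP header, so the SYN filter also keeps SYN-ACK replies. The packets are constructed samples, and the third expression (SYN without ACK) is an addition written in standard pcap-filter syntax.

```python
import struct

# Bit values behind tcpdump's tcp-syn, tcp-rst and tcp-ack keywords
TCP_SYN, TCP_RST, TCP_ACK = 0x02, 0x04, 0x10
TCPFLAGS_OFFSET = 13  # tcp[tcpflags] is byte 13 of the TCP header

def build_ipv4_tcp(flags, ip_options=b""):
    """Constructed sample: IPv4 header (plus options) and a 20-byte TCP header."""
    ihl = 5 + len(ip_options) // 4
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, ihl * 4 + 20, 0, 0,
                     64, 6, 0, bytes([10, 0, 0, 1]), bytes([192, 168, 1, 1]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 5 << 4, flags, 65535, 0, 0)
    return ip + ip_options + tcp

def tcp_flags(packet):
    """Return the TCP flags byte, or None if the packet is not IPv4 carrying TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    idx = (packet[0] & 0x0F) * 4 + TCPFLAGS_OFFSET  # skip variable-length IP header
    return packet[idx] if idx < len(packet) else None

# Filter expression -> the same test applied to the flags byte
FILTERS = {
    "tcp[tcpflags] & tcp-syn != 0": lambda f: (f & TCP_SYN) != 0,
    "tcp[tcpflags] & tcp-rst != 0": lambda f: (f & TCP_RST) != 0,
    "tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn":
        lambda f: (f & (TCP_SYN | TCP_ACK)) == TCP_SYN,
}

# Constructed packets, one per flag combination of interest
SAMPLES = {
    "SYN": build_ipv4_tcp(TCP_SYN),
    "SYN-ACK": build_ipv4_tcp(TCP_SYN | TCP_ACK),
    "ACK": build_ipv4_tcp(TCP_ACK),
    "RST-ACK": build_ipv4_tcp(TCP_RST | TCP_ACK),
    "SYN, IP options": build_ipv4_tcp(TCP_SYN, ip_options=b"\x01" * 4),
}

def matching_samples(expr):
    """Names of the constructed packets the given filter expression would keep."""
    check = FILTERS[expr]
    return [name for name, pkt in SAMPLES.items()
            if (flags := tcp_flags(pkt)) is not None and check(flags)]

if __name__ == "__main__":
    for expr in FILTERS:
        print(f"{expr:46} {matching_samples(expr)}")
```

To watch only connection attempts rather than every handshake packet, use the third expression in place of the first.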
Quick Commands
Capture packets and write to pcap file
tcpdump -i eth0 -w capture.pcap
Capture traffic for specific host and port
tcpdump -i eth0 host 192.168.1.1 and port 80
Capture TCP SYN packets only
tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'