tcpdump

tcpdump --help

tcpdump -i eth0 -v

^ captures everything on the interface with verbose output; nothing is written to a file

Capture on the basis of a filter:

tcpdump -i eth0 -v host <$ip>

^ to find the IP as either source or destination

tcpdump -i eth0 -v host abcd.com

tcpdump -i eth0 -v src <$ip> and dst <$ip>

^ src = source IP; "and" is the equivalent of && in Wireshark; dst = destination IP

tcpdump -i eth0 -v net 192.168.0.0/24

^ to capture traffic for the whole range

tcpdump -i eth0 -v tcp and net 192.168.0.0/24

^ to capture only TCP data

tcpdump -i eth0 -v port 80

^ to capture traffic specific to a port

tcpdump -i eth0 -v src port 80 and dst <$ip>

Saving output to a pcap file:

tcpdump -i eth0 -v port 80 -w /root/Desktop/traffic.pcap

-n        don't resolve DNS names

-nn       don't resolve DNS or protocol names

-i any    capture on all interfaces

-c 30     limit the capture to 30 packets
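
The flags and filters listed above combined into one capture wrapper, as an added example that is not part of the original notes. The function names, the sample values in the usage comment, and the restriction to IPv4 networks and the tcp/udp/icmp protocols are assumptions.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the sample
# values in the usage line are assumptions; IPv4 networks only.

# Build a filter such as "tcp and net 192.168.0.0/24 and port 80" from
# optional parts. Each part is checked against an allowlist so a typo or
# untrusted input cannot widen the capture. Returns 1 on a bad value.
build_filter() (
    proto=$1 net=$2 port=$3 out=""
    add() { if [ -n "$out" ]; then out="$out and $1"; else out=$1; fi; }
    case $proto in
        '') ;;
        tcp|udp|icmp) add "$proto" ;;
        *) exit 1 ;;
    esac
    case $net in
        '') ;;
        *[!0-9./]*) exit 1 ;;
        *) add "net $net" ;;
    esac
    case $port in
        '') ;;
        *[!0-9]*|??????*) exit 1 ;;
        *) if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then exit 1; fi
           add "port $port" ;;
    esac
    printf '%s\n' "$out"
)

# Capture COUNT packets on all interfaces without name resolution and save
# them to FILE. Usage: run_capture COUNT FILE [PROTO [NET [PORT]]]
run_capture() (
    count=$1 file=$2
    case $count in ''|*[!0-9]*) exit 1 ;; esac
    if [ -z "$file" ]; then exit 1; fi
    filter=$(build_filter "$3" "$4" "$5") || exit 1
    # The whole filter is passed as one quoted argument; omit it if empty.
    if [ -n "$filter" ]; then set -- "$filter"; else set --; fi
    exec tcpdump -i any -nn -c "$count" -w "$file" "$@"
)

# Example: sudo sh capture.sh 30 ./traffic.pcap tcp 192.168.0.0/24 80
if [ "$#" -gt 0 ]; then run_capture "$@"; fi
```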
