tcpdump useful commands

Some useful tcpdump commands

Listen on all interfaces (any) for traffic on port 8080:

tcpdump -vv -x -X -i any 'port 8080'

Listen on eth0 interface for all traffic:

tcpdump -vv -x -X -i eth0

Listen on all interfaces for traffic on port 80 and write it to a dump file for later analysis:

tcpdump -vv -x -X -i any 'port 80' -w out.dump

Parameter explanations:

  • -vv: Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.
  • -x: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.
  • -X: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
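  • -i: The interface to capture on; any captures on all interfaces.
  • -w: Write the raw packets to file rather than parsing and printing them out. Because nothing is printed in this mode, -x and -X have no effect when combined with -w.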
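For the "later analysis" step, here is an added example (not part of the original gist) that reads the classic pcap file -w produces and pulls the TCP ports out of each IPv4 packet. It handles the detail that a capture taken with -i any on Linux carries a "cooked" SLL or SLL2 link header instead of an Ethernet header; the function names and the sample capture are constructed for illustration.

```python
import struct

# Link type -> (link header length, offset of the 2-byte protocol field).
# 1 = Ethernet (-i eth0); 113 / 276 = Linux cooked SLL / SLL2 (-i any).
LINK_HDR = {1: (14, 12), 113: (16, 14), 276: (20, 0)}

def read_pcap(data):
    """Yield (timestamp, linktype, frame) from classic pcap file bytes."""
    if data[:4] == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif data[:4] == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic microsecond-resolution pcap file")
    linktype = struct.unpack(endian + "I", data[20:24])[0] & 0x0FFFFFFF
    pos = 24  # the global header is 24 bytes
    while pos + 16 <= len(data):
        sec, usec, caplen, _orig = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pos += 16
        if pos + caplen > len(data):  # last record cut short
            break
        yield sec + usec / 1e6, linktype, data[pos:pos + caplen]
        pos += caplen

def tcp_ports(linktype, frame):
    """Return (src_port, dst_port) for an IPv4/TCP frame, else None."""
    if linktype not in LINK_HDR:
        return None
    hdr_len, et_off = LINK_HDR[linktype]
    if len(frame) < hdr_len + 20 or frame[et_off:et_off + 2] != b"\x08\x00":
        return None
    ip = frame[hdr_len:]
    ihl = (ip[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ip[0] >> 4 != 4 or ip[9] != 6 or len(ip) < ihl + 4:
        return None
    return struct.unpack("!HH", ip[ihl:ihl + 4])

def build_sample():
    """Constructed capture: one SLL-framed IPv4/TCP SYN, port 40000 -> 80."""
    sll = struct.pack("!HHH8sH", 0, 1, 6, b"\x02\x00\x00\x00\x00\x01\x00\x00", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x02, 1024, 0, 0)
    frame = sll + ip + tcp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 113)
    record = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return header + record + frame
```

To run it on a real capture, pass the bytes of out.dump to read_pcap and call tcp_ports on each yielded frame.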