Listen on all interfaces (any) for traffic on port 8080:
tcpdump -vv -x -X -i any 'port 8080'
Listen on the eth0 interface for all traffic:
tcpdump -vv -x -X -i eth0
Listen on all interfaces for traffic on port 80 and write it to a dump file for later analysis:
tcpdump -vv -x -X -i any 'port 80' -w out.dump
See the content of each packet:
sudo tcpdump -A -i any port 8000
- -vv: Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.
- -x: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex. The smaller of the entire packet or snaplen bytes will be printed. Note that this is the entire link-layer packet, so for link layers that pad (e.g. Ethernet), the padding bytes will also be printed when the higher layer packet is shorter than the required padding.
- -X: When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.
- -i: The interface to listen on; any captures on all interfaces.
- -w: Write the raw packets to file rather than parsing and printing them out.
- -A: Print each packet (minus its link level header) in ASCII, which shows you the content of each packet.
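The padding caveat in the -x note can be checked directly. The following is an added example, not part of the original notes: it rebuilds the bytes from -x or -X output and uses the IPv4 Total Length field to separate the IP packet from trailing link-layer padding. The sample output, addresses and function names are constructed for illustration, and IPv4 is assumed.

```python
import re

# Constructed sample of `tcpdump -x` output for one bare TCP ACK (not a real capture).
SAMPLE = """\
12:00:00.000000 IP 192.0.2.20.51000 > 192.0.2.10.8080: Flags [.], ack 1, win 512, length 0
\t0x0000:  4500 0028 0001 4000 4006 0000 c000 0214
\t0x0010:  c000 020a c738 1f90 0000 0001 0000 0001
\t0x0020:  5010 0200 0000 0000 0000 0000 0000
"""

# Offset label, then hex groups separated by single spaces. With -X the ASCII
# column follows after two or more spaces, so the match stops before it.
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:(?:[0-9a-f]{4}|[0-9a-f]{2}) ?)+)")

def dump_bytes(text):
    """Rebuild the packet bytes from the hex column of -x or -X output."""
    out = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:  # summary lines do not match and are skipped
            out += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(out)

def split_padding(pkt):
    """Return (ip_packet, trailing_bytes) using the IPv4 Total Length field."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    total_len = int.from_bytes(pkt[2:4], "big")
    if total_len < 20 or total_len > len(pkt):
        # The dump holds fewer bytes than the header claims (snaplen) or the field is bad.
        raise ValueError("truncated by snaplen or malformed length")
    return pkt[:total_len], pkt[total_len:]

if __name__ == "__main__":
    ip, pad = split_padding(dump_bytes(SAMPLE))
    print(len(ip), "bytes of IP packet,", len(pad), "bytes of padding:", pad.hex())
```

Trailing bytes that are not all zero are worth a second look, since padding is not covered by the IP or TCP checksums.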