Capturing network traffic headlessly in Linux Operating System

In this article, we are going to learn how to capture network traffic from the command line, with no graphical tools, using the packet sniffer tcpdump. tcpdump captures the TCP/IP packets sent or received on a network interface and can filter them, print them, and save them to a file for later analysis.

Prerequisites

Besides having a terminal open, we need the following:

  • Make sure the tcpdump tool is installed on your machine. Capturing packets requires root privileges, so the commands below are run with sudo.

Network Traffic Capture

Now we are going to use some tcpdump commands to capture packets:

  • To capture packets from an interface (eth0 here), use the following command:
    $ sudo tcpdump -i eth0
  • To print the captured packets in ASCII, use the following command:
    $ sudo tcpdump -A -i eth0
  • To capture a specific number of packets (10 here) and then stop, use the following command:
    $ sudo tcpdump -c 10 -i eth0
  • To print the captured packets in HEX and ASCII, including the link-layer header, use the following command:
    $ sudo tcpdump -XX -i eth0
  • To capture and save the packets to a specific file (111.pcap here), use the following command:
    $ sudo tcpdump -w 111.pcap -i eth0
  • To print IP addresses and ports numerically instead of resolving them to host and service names, use the following command:
    $ sudo tcpdump -n -i eth0
  • To read back the packets saved in the capture file, use the following command:
    $ sudo tcpdump -r 111.pcap
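The commands above are typed one at a time. For an unattended (headless) capture it is convenient to wrap them in a small script that checks its arguments before starting, so that a typo does not leave tcpdump running with no packet limit. The following POSIX sh functions are an added example written for this article, not code from the tcpdump project; the interface name, packet count, file name and filter are placeholders you supply.

```shell
# Added example (not from the original article): a headless capture wrapper
# around the tcpdump options shown above. IFACE, COUNT, OUTFILE and FILTER
# are assumed placeholders; adjust them for your host.

# build_capture_cmd IFACE COUNT OUTFILE [BPF-FILTER]
# Prints the tcpdump command line for a bounded capture, or fails on bad input.
build_capture_cmd() {
    iface=$1; count=$2; outfile=$3; filter=$4
    # Require a positive integer so the capture always terminates on its own.
    case $count in
        ''|*[!0-9]*|0) echo "count must be a positive integer" >&2; return 1 ;;
    esac
    # Keep the .pcap convention so the file is recognised by other tools.
    case $outfile in
        *.pcap) ;;
        *) echo "output file should end in .pcap" >&2; return 1 ;;
    esac
    # -n  print addresses numerically (no DNS lookups from the capture host)
    # -s 0 capture whole packets, -U flush each packet to the file immediately
    # -c  stop after COUNT packets, -w write raw packets to OUTFILE
    cmd="tcpdump -n -s 0 -U -c $count -w $outfile -i $iface"
    [ -n "$filter" ] && cmd="$cmd $filter"
    printf '%s\n' "$cmd"
}

# build_read_cmd OUTFILE
# Prints the command that reads the saved capture back, addresses numeric.
build_read_cmd() {
    printf 'tcpdump -n -r %s\n' "$1"
}

# run_capture IFACE COUNT OUTFILE [BPF-FILTER]
# Runs the capture under sudo, then prints the saved packets.
# Example: run_capture eth0 10 111.pcap "port 53"
run_capture() {
    cmd=$(build_capture_cmd "$@") || return 1
    sudo sh -c "$cmd" && sh -c "$(build_read_cmd "$3")"
}
```

The optional fourth argument is a BPF filter expression passed straight to tcpdump (for example "port 53" to keep only DNS), which keeps the capture file small and limits how much unrelated traffic the file contains.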

Now we are going to look at an explanation of tcpdump and the commands we are using.

How it works

We used the tcpdump Linux tool, which captures and filters data packets. tcpdump captures packets on a specific interface, selected with the -i option. Captured packets can be saved to a file by giving a file name with the -w option; the file is written in the binary pcap format, not as text, so it is read back with tcpdump's -r option (or with any other tool that understands pcap) rather than opened directly.
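Because the file written by -w is binary, a quick check of its header tells you whether a capture actually produced a valid file before you pass it to other tools. The function below is an added example, not part of the article or of tcpdump; it reads the four-byte magic number that every pcap and pcapng file starts with and reports the format. The file name is whatever you gave to -w.

```shell
# Added example (not from the original article): report the format of a
# capture file by its magic number. FILE is the name you passed to tcpdump -w.
pcap_format() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 1; }
    # First four bytes as hex digits in file order, without offsets or spaces.
    magic=$(od -An -tx1 -N4 "$f" | tr -d ' \n')
    case $magic in
        a1b2c3d4) echo "pcap (big-endian, microsecond timestamps)" ;;
        d4c3b2a1) echo "pcap (little-endian, microsecond timestamps)" ;;
        a1b23c4d) echo "pcap (big-endian, nanosecond timestamps)" ;;
        4d3cb2a1) echo "pcap (little-endian, nanosecond timestamps)" ;;
        0a0d0d0a) echo "pcapng" ;;
        *) echo "not a capture file (magic $magic)" >&2; return 1 ;;
    esac
}

# Usage: pcap_format 111.pcap
```

On an x86 Linux host a file written by tcpdump -w normally starts with d4 c3 b2 a1 (little-endian pcap); an empty or truncated file, or a text file saved by mistake with output redirection, is reported as not a capture file.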
