Tcpdump is an essential command-line utility for network packet analyzing; it displays TCP\IP and other transmitted network packets over the network, which are attached to the system on which UNIX/Linux command utility tcpdump has installed.
Tcpdump uses libpcap library, which helps to capture network packets which is available on all Linux/Unix distro.
Tcpdump command used to read the network packet’s data from a network interface. You can also use previously created packet files to read and analyze with tcpdump. You can use tcpdump command as a root user or a user with sudo privileges.
Here in this tutorial, we will discuss the uses of tcpdump command with installation and some of the basic examples.
Let’s start with the installation of the tcpdump tool.
In most of the Linux distro tcpdump preinstalled but if it not installed in your system, you can install it in your system by using the following methods.
You can install tcpdump in CentOS/RHEL using the following command,
$ sudo yum install tcpdump
On fedora, you should use below command to install tcpdump,
$ dnf install tcpdump
Similarly, you can use below command on Ubuntu or Debian or Linux Mint to install tcpdump,
$ apt-get install tcpdump
Now let’s go with tcpdump command examples.
We will use below created file as an input for sample command
Example 1: Capture packets from all interface
Use command tcpdump to capture network package, as shown below:
Example 2: Capture packets from a specific interface
You can use the “tcpdump” command with the option “-i” and interface name to capture the network package from specific interface.
# tcpdump -i eth0
Example 3: Check available interfaces
You can use the “tcpdump” command with the “-D” option to display available all interface in system, as shown below.
# tcpdump -D