Tcpdump is an essential command-line utility for network packet analyzing; it displays TCP\IP and other transmitted network packets over the network, which are attached to the system on which UNIX/Linux command utility tcpdump has installed.

Tcpdump uses libpcap library, which helps to capture network packets which is available on all Linux/Unix distro.

Tcpdump command used to read the network packet’s data from a network interface. You can also use previously created packet files to read and analyze with tcpdump. You can use tcpdump command as a root user or a user with sudo privileges.

Here in this tutorial, we will discuss the uses of tcpdump command with installation and some of the basic examples.

Let’s start with the installation of the tcpdump tool.

Tcpdump Installation:

In most of the Linux distro tcpdump preinstalled but if it not installed in your system, you can install it in your system by using the following methods.

CentOS/RHEL

You can install tcpdump in CentOS/RHEL using the following command,

$ sudo yum install tcpdump

Fedora

On fedora, you should use below command to install tcpdump,

$ dnf install tcpdump

Ubuntu/Debian/Linux Mint

Similarly, you can use below command on Ubuntu or Debian or Linux Mint to install tcpdump,

$ apt-get install tcpdump

Now let’s go with tcpdump command examples.

Examples:

We will use below created file as an input for sample command

Example 1: Capture packets from all interface

Use command tcpdump to capture network package, as shown below:

# tcpdump

Example 2: Capture packets from a specific interface

You can use the “tcpdump” command with the option “-i” and interface name to capture the network package from specific interface.

# tcpdump -i eth0

Example 3: Check available interfaces

You can use the “tcpdump” command with the “-D” option to display available all interface in system, as shown below.

# tcpdump -D