tcpdump

command network

Capture and analyze network traffic

Required Packages

sudo apt install -y tcpdump

Options

Interface (-i)

Network interface to capture on (default: first available, 'any' for all)

Packet count (-c)

Stop after capturing N packets

Write to file (-w)

Save raw packets to a pcap file

Read from file (-r)

Read packets from a pcap file instead of live capture

Verbosity

Don't resolve hostnames (-n) Don't resolve hostnames (-n)

Show IP addresses instead of hostnames (faster)

Don't resolve port names (-nn) Don't resolve port names (-nn)

Show port numbers instead of service names

Show ASCII (-A) Show ASCII (-A)

Print each packet in ASCII (useful for HTTP)

Show hex + ASCII (-X) Show hex + ASCII (-X)

Print each packet in hex and ASCII

Snapshot length (-s)

Bytes to capture per packet (0 = full packet, default: 262144)

Timestamp format

Filter expression

BPF filter (e.g. 'port 80', 'host 10.0.0.1', 'tcp and port 443')

sudo tcpdump -n