How to use the tcpdump packet analyzer


From the Wikipedia definition of this software: tcpdump is a common packet analyzer that runs under the command line. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. Distributed under the BSD license, tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, FreeBSD, DragonFly BSD, NetBSD, OpenBSD, OpenWrt, macOS, HP-UX 11i, and AIX. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows port of libpcap.

I will try to give some examples from my Linux Mint machine.

How to install tcpdump in Linux


Fedora / CentOS



About my server: it runs Linux Mint with the following Ethernet devices:

1- Select the interface on which the capture is to take place

The output scrolls non-stop until you interrupt it: tcpdump prints every packet going through the device named with -i (on other systems the device may be called eth0 or something else).

2- Find traffic using ports and port ranges

In this way you can capture traffic on specific ports or on port ranges. Let's take as an example finding traffic on port 80.

3- Find traffic based on packet size

Are you looking for packets of a particular size? Then use these options: less and greater (both compare against the total length of the packet, and both are inclusive).

4- Find traffic by IP

One of the most common queries: this shows you all traffic involving a given IP, whether it is the source or the destination.

4-1- Filtering by source and destination

Isolate traffic based on either source or destination using the src and dst qualifiers.

4-2- Finding packets by network

To find packets going to or from a particular network, use the net qualifier with the network address and its mask (CIDR form).

5- Capture and save packets to a file, and read them back from the file

5-1- Capture and save packets to a file

Use Control+C to interrupt the capture and close the file.

5-2- Read the captured packets back from the file

6- Capture only a limited number of packets

This example gets only 10 packets, using the -c option.
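Because the screenshots with the commands do not reproduce here, the following is an added example (not code from the original post) that shows what sections 2 to 6 do under the hood: it writes a small capture file in the same classic pcap layout that tcpdump -w produces, reads it back the way tcpdump -r does, and applies the same selections as the filter expressions port, portrange, greater, less, host, src, dst and net, plus the -c packet limit. All packets, addresses and MAC addresses in it are constructed placeholders.

```python
# Added example, not code from the original post: build a small capture file the
# way "tcpdump -w capture.pcap" would, read it back the way "tcpdump -r" does,
# and apply the selections of sections 2 to 6 (port / portrange, greater / less,
# host / src / dst, net, and the -c packet limit). Every packet below is
# constructed for this example; addresses and MACs are placeholders.
import ipaddress
import struct
import tempfile

def ipv4_tcp_frame(src, sport, dst, dport, payload=b""):
    """Ethernet/IPv4/TCP frame. Checksums are left zero: tcpdump filters never look at them."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    eth = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + b"\x08\x00"
    return eth + ip + tcp

def write_pcap(path, frames):
    """Classic little-endian pcap (magic 0xa1b2c3d4, LINKTYPE_ETHERNET = 1), like tcpdump -w."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1))
        for ts, frame in enumerate(frames):                 # ts_sec, ts_usec, incl_len, orig_len
            f.write(struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame)

def read_pcap(path):
    """Yield one dict per IPv4/TCP packet in the file, the way tcpdump -r walks it."""
    with open(path, "rb") as f:
        magic, = struct.unpack("<I", f.read(4))
        if magic != 0xA1B2C3D4:
            raise ValueError("not a little-endian classic pcap file")
        f.read(20)                                          # rest of the 24-byte global header
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break
            incl_len = struct.unpack("<IIII", rec)[2]
            frame = f.read(incl_len)
            if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
                continue                                    # only IPv4 over Ethernet, only TCP
            ihl = (frame[14] & 0x0F) * 4
            l4 = frame[14 + ihl:]
            sport, dport = struct.unpack("!HH", l4[:4])
            yield {"src": str(ipaddress.IPv4Address(frame[26:30])), "sport": sport,
                   "dst": str(ipaddress.IPv4Address(frame[30:34])), "dport": dport,
                   "length": len(frame), "payload": l4[(l4[12] >> 4) * 4:]}

# One predicate per tcpdump primitive; the comment gives the equivalent filter expression.
def f_port(p, port):         return port in (p["sport"], p["dport"])                      # port 80
def f_portrange(p, lo, hi):  return any(lo <= x <= hi for x in (p["sport"], p["dport"]))  # portrange 20-30
def f_greater(p, n):         return p["length"] >= n                                      # greater 500 (len >= 500)
def f_less(p, n):            return p["length"] <= n                                      # less 100    (len <= 100)
def f_host(p, ip):           return ip in (p["src"], p["dst"])                             # host 10.0.0.5
def f_src(p, ip):            return p["src"] == ip                                        # src 192.168.1.10
def f_dst(p, ip):            return p["dst"] == ip                                        # dst 192.168.1.10
def f_net(p, cidr):                                                                       # net 10.0.0.0/24
    n = ipaddress.ip_network(cidr)
    return any(ipaddress.ip_address(a) in n for a in (p["src"], p["dst"]))

def select(path, pred, count=None):
    """Packets from the file matching pred; count stops after N matches, like -c N."""
    out = []
    for p in read_pcap(path):
        if pred(p):
            out.append(p)
            if count is not None and len(out) >= count:
                break
    return out

def demo():
    frames = [  # constructed sample traffic: one HTTP exchange, one SSH exchange, one SMTP segment
        ipv4_tcp_frame("192.168.1.10", 51000, "93.184.216.34", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
        ipv4_tcp_frame("93.184.216.34", 80, "192.168.1.10", 51000, b"HTTP/1.1 200 OK\r\n" + b"x" * 600),
        ipv4_tcp_frame("192.168.1.10", 51001, "10.0.0.5", 22, b"SSH-2.0-OpenSSH_9.6\r\n"),
        ipv4_tcp_frame("10.0.0.5", 22, "192.168.1.10", 51001, b"SSH-2.0-OpenSSH_9.6\r\n"),
        ipv4_tcp_frame("192.168.1.11", 51002, "10.0.0.7", 25),
    ]
    with tempfile.NamedTemporaryFile(suffix=".pcap", delete=False) as tmp:
        path = tmp.name
    write_pcap(path, frames)
    return {                      # filter expression -> number of matching packets
        "port 80":                 len(select(path, lambda p: f_port(p, 80))),
        "portrange 20-30":         len(select(path, lambda p: f_portrange(p, 20, 30))),
        "greater 500":             len(select(path, lambda p: f_greater(p, 500))),
        "less 100":                len(select(path, lambda p: f_less(p, 100))),
        "host 10.0.0.5":           len(select(path, lambda p: f_host(p, "10.0.0.5"))),
        "src 192.168.1.10":        len(select(path, lambda p: f_src(p, "192.168.1.10"))),
        "dst 192.168.1.10":        len(select(path, lambda p: f_dst(p, "192.168.1.10"))),
        "net 10.0.0.0/24":         len(select(path, lambda p: f_net(p, "10.0.0.0/24"))),
        "net 192.168.1.0/24 -c 2": len(select(path, lambda p: f_net(p, "192.168.1.0/24"), count=2)),
    }

if __name__ == "__main__":
    for expr, n in demo().items():
        print(f"{expr:28} {n} packet(s)")
```

The file this writes is a normal capture, so if tcpdump is installed you can confirm each count with tcpdump -nn -r on it and the same expression; the predicates above are deliberately simplified (IPv4 and TCP only, no IP fragments, no VLAN tags), which the real BPF matcher also handles.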

7- How to capture packets in hex and ASCII

The -XX option prints the data of each packet, including its link-level header, in hex and ASCII.

8- Capture cookies from the server and from the client

Capturing cookies 🙂

9- Find SSH connections

This is a very smart method to detect SSH connections, even from someone connecting to a non-standard SSH port.

10- Capture clear-text passwords

10-1- Extract HTTP passwords in POST requests

Pull passwords out of the POST data, and include the Host: header so we know what the password is used for.

10-2- Capture other clear-text passwords from other services
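The commands for sections 7 to 10 are the tcpdump -A / -XX payload dump piped through grep. As an added example (not code from the original post) the following reimplements, over constructed TCP payloads, what those pipelines pick out: the -XX style hex and ASCII layout, Cookie and Set-Cookie headers, the SSH banner that identifies an SSH session on any port (the usual BPF form of that check, tcp[(tcp[12]>>2):4] = 0x5353482D, simply compares the first four payload bytes with "SSH-"), user and password fields in a form POST together with the Host, and USER/PASS or HTTP Basic credentials from other clear-text protocols. The sample payloads, hosts, names and passwords are all made up for the example.

```python
# Added example, not code from the original post: what tcpdump shows with -XX and
# -A, and the grep-style extraction of sections 7 to 10, reimplemented over
# constructed TCP payloads so it runs offline. Nothing here is captured traffic.
import base64
import re
from urllib.parse import parse_qs

def hex_ascii_dump(data, width=16):
    """Render bytes in the layout of tcpdump -X/-XX: offset, hex pairs, ASCII column."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(chunk[i:i + 2].hex() for i in range(0, len(chunk), 2))
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"0x{off:04x}:  {hexpart:<{width * 2 + width // 2 - 1}}  {text}")
    return lines

def http_headers(payload):
    """Split an HTTP message into (start line, {header-name: value}, body)."""
    head, _, body = payload.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        hdrs[name.strip().lower()] = value.strip()
    return lines[0], hdrs, body

def find_cookies(payload):
    """Section 8: Cookie (client) and Set-Cookie (server) headers, with Host for context."""
    _, hdrs, _ = http_headers(payload)
    return {k: v for k, v in hdrs.items() if k in ("host", "cookie", "set-cookie")}

def is_ssh(payload):
    """Section 9: an SSH session opens with the banner 'SSH-' whatever port it runs on.
    BPF equivalent: tcp[(tcp[12]>>2):4] = 0x5353482D  (0x53 0x53 0x48 0x2D == b'SSH-')."""
    return payload[:4] == b"SSH-"

def post_credentials(payload):
    """Section 10-1: Host plus any user/password fields in a form-encoded POST body."""
    req, hdrs, body = http_headers(payload)
    if not req.startswith("POST "):
        return None
    fields = {k: v[0] for k, v in parse_qs(body.decode("latin-1")).items()}
    wanted = {k: v for k, v in fields.items() if re.search(r"user|login|pass|pwd", k, re.I)}
    return {"host": hdrs.get("host"), "path": req.split()[1], **wanted}

def cleartext_credentials(payload):
    """Section 10-2: USER/PASS as sent by FTP or POP3, and HTTP Basic auth (base64, not encryption)."""
    found = {}
    for line in payload.decode("latin-1").splitlines():
        m = re.match(r"(USER|PASS)\s+(\S+)", line)
        if m:
            found[m.group(1).lower()] = m.group(2)
        m = re.match(r"Authorization:\s*Basic\s+(\S+)", line, re.I)
        if m:
            user, _, pwd = base64.b64decode(m.group(1)).decode("latin-1").partition(":")
            found["user"], found["pass"] = user, pwd
    return found

# Constructed sample payloads (not real captures); the credentials are placeholders.
SAMPLE_HTTP_LOGIN = (b"POST /login HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n"
                     b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
                     b"username=alice&password=hunter2&remember=1")
SAMPLE_HTTP_REPLY = b"HTTP/1.1 302 Found\r\nSet-Cookie: session=def456; HttpOnly\r\nLocation: /\r\n\r\n"
SAMPLE_SSH_ON_2222 = b"SSH-2.0-OpenSSH_9.6\r\n"          # same banner on port 22 or 2222
SAMPLE_FTP = b"USER bob\r\nPASS s3cret\r\n"
SAMPLE_BASIC = b"GET /admin HTTP/1.1\r\nHost: intranet.example\r\nAuthorization: Basic Ym9iOnMzY3JldA==\r\n\r\n"

if __name__ == "__main__":
    print("\n".join(hex_ascii_dump(SAMPLE_SSH_ON_2222)))
    print(find_cookies(SAMPLE_HTTP_LOGIN), find_cookies(SAMPLE_HTTP_REPLY))
    print(is_ssh(SAMPLE_SSH_ON_2222), post_credentials(SAMPLE_HTTP_LOGIN))
    print(cleartext_credentials(SAMPLE_FTP), cleartext_credentials(SAMPLE_BASIC))
```

The point of the banner check is that it looks at payload bytes rather than the port number, which is why it still catches an SSH server moved to port 2222. The same applies to the credential grabbers: they work on the application data, so they only ever see anything on protocols that send credentials in the clear, which is the argument for HTTPS, SFTP/FTPS and authenticated, encrypted mail protocols.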

11- Find out which switch port is connected to the server using tcpdump

In corporate environments you often need to find out which network switch and which switch port are connected to which NIC of the server. To find the switch and the switch port connected to a NIC, use this command:
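The command itself is not reproduced on this page. What this technique relies on is the discovery protocol frame a managed switch sends out of every port: LLDP (ethertype 0x88cc) or, on Cisco gear, CDP (SNAP protocol ID 0x2000). The commonly used captures are tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether proto 0x88cc' for LLDP and tcpdump -nn -v -i eth0 -s 1500 -c 1 'ether[20:2] == 0x2000' for CDP; -v makes tcpdump decode the frame, and the switch name and port are read from that decode. As an added example (not code from the original post) the following parses the LLDP TLVs of a constructed frame and pulls out exactly those fields; the switch name, MAC address and port name in it are placeholders.

```python
# Added example, not code from the original post: decode the LLDP frame a switch
# sends on each port (what "tcpdump -nn -v ... 'ether proto 0x88cc'" shows) and
# report which switch and port the NIC is plugged into. The frame is constructed;
# the switch name, MAC and port names are placeholders.
import struct

def tlv(tlv_type, value):
    """LLDP TLV: 7-bit type and 9-bit length in one 16-bit header, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value

def parse_lldp(frame):
    """Return chassis ID, port ID, TTL and names from an LLDP Ethernet frame."""
    if frame[12:14] != b"\x88\xcc":
        raise ValueError("not an LLDP frame (ethertype must be 0x88cc)")
    info, off = {}, 14
    while off + 2 <= len(frame):
        hdr = struct.unpack("!H", frame[off:off + 2])[0]
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        value = frame[off + 2:off + 2 + length]
        off += 2 + length
        if tlv_type == 0:                               # End of LLDPDU
            break
        if tlv_type in (1, 2):                          # Chassis ID / Port ID: subtype byte first
            subtype, body = value[0], value[1:]
            is_mac = (tlv_type == 1 and subtype == 4) or (tlv_type == 2 and subtype == 3)
            text = ":".join(f"{b:02x}" for b in body) if is_mac else body.decode("latin-1")
            info["chassis_id" if tlv_type == 1 else "port_id"] = text
        elif tlv_type == 3:                             # TTL in seconds
            info["ttl"] = struct.unpack("!H", value)[0]
        elif tlv_type == 4:
            info["port_description"] = value.decode("latin-1")
        elif tlv_type == 5:
            info["system_name"] = value.decode("latin-1")
        elif tlv_type == 6:
            info["system_description"] = value.decode("latin-1")
    return info

def switch_port_summary(frame):
    """The answer this section is after: which switch, which port."""
    i = parse_lldp(frame)
    return f"switch {i.get('system_name', i.get('chassis_id'))} port {i.get('port_id')}"

# Constructed LLDP frame, as a switch would send it to the LLDP multicast address 01:80:c2:00:00:0e.
SWITCH_MAC = bytes.fromhex("001122334455")
SAMPLE_LLDP_FRAME = (
    bytes.fromhex("0180c200000e") + SWITCH_MAC + b"\x88\xcc"
    + tlv(1, b"\x04" + SWITCH_MAC)                      # chassis ID, subtype 4 = MAC address
    + tlv(2, b"\x05" + b"Gi1/0/24")                     # port ID, subtype 5 = interface name
    + tlv(3, struct.pack("!H", 120))                    # TTL
    + tlv(4, b"GigabitEthernet1/0/24")                  # port description
    + tlv(5, b"core-sw-01.example")                     # system name
    + tlv(0, b""))                                      # end of LLDPDU

if __name__ == "__main__":
    print(parse_lldp(SAMPLE_LLDP_FRAME))
    print(switch_port_summary(SAMPLE_LLDP_FRAME))
```

Two practical caveats: the switch only announces itself if LLDP or CDP is enabled on that port, so a silent capture does not mean there is no switch; and on a server with several NICs the capture has to be repeated per interface (-i), because each port produces its own announcement. The -c 1 in the commands above is there because announcements arrive only every 30 seconds or so and one is enough.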

tcpdump is one of the top network analyzer tools and has tons of options for analyzing the incoming and outgoing packets on your network.
