How To Tcpdump Linux

TCPDump is a command-line packet analyzer tool available on UNIX/Linux. It allows you to dump the traffic on a network and can be a very powerful tool for troubleshooting network issues. This post will guide you through the steps of using TCPDump on Linux, demonstrating some of its most useful commands.

Installation

Most Linux distributions come with TCPDump installed by default. For those that don’t, or if you need to update to the latest version, you can install TCPDump via the package manager.

For Ubuntu/Debian users, install it with:

sudo apt-get install tcpdump

And for CentOS/Fedora users:

sudo yum install tcpdump

Basic Usage

The basic syntax is tcpdump [options] [expression]. If you run the command without any options, it will capture all the packets flowing through all the interfaces.

sudo tcpdump

Without further options the output is a terse one-line header summary per packet, which can be difficult to interpret. To also print each packet's contents as ASCII text, which makes plaintext protocols readable, use the -A option.

sudo tcpdump -A

Capturing Packets from a Specific Interface

If you want to capture packets from a specific interface, you can do so with the -i option. Here is an example of capturing packets from the eth0 interface:

sudo tcpdump -i eth0

Filtering Packets

TCPDump accepts a filter expression after the options, so you can capture only the packets that match a given IP address, port, protocol, and more. Here is an example that captures only packets whose source address is 192.168.1.1:

sudo tcpdump src 192.168.1.1

Writing Packets to a File

To save the captured packets to a file for later analysis, use the -w option followed by the filename:

sudo tcpdump -w output.pcap
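The file written by -w is not the text shown on the terminal but the binary libpcap format, which tcpdump reads back with -r and Wireshark opens directly. The following Python program is an added example, not code from the page or from the tcpdump project: it constructs three synthetic Ethernet/IPv4/TCP frames (all addresses and ports are made up for the demonstration), writes them as a libpcap file with the same layout tcpdump -w produces, reads the file back, and applies the equivalent of the filter "src 192.168.1.1" from the previous section, printing one tcpdump-style summary line per matching packet. It also shows the two failure modes a practitioner meets with real capture files: a file in another format (pcapng or a nanosecond-timestamp pcap, detected by the magic number) and a capture truncated mid-packet because tcpdump was killed.

```python
import os
import socket
import struct
import tempfile

# libpcap file layout (what `tcpdump -w file.pcap` writes by default):
# a 24-byte global header, then per packet a 16-byte record header plus the captured bytes.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # microsecond timestamps, written in the writer's byte order
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


def build_eth_ipv4_tcp(src_ip, dst_ip, sport, dport, payload=b""):
    """Build a synthetic Ethernet/IPv4/TCP frame. Constructed test data, not a real capture."""
    eth_hdr = bytes.fromhex("001122334455") + bytes.fromhex("66778899aabb") + struct.pack("!H", ETHERTYPE_IPV4)
    # TCP: sport, dport, seq, ack, data offset (5 words) << 4, flags PSH|ACK, window, checksum, urgent
    tcp_hdr = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
    ip_len = 20 + len(tcp_hdr) + len(payload)
    # IPv4: version/IHL, TOS, total length, id, flags/fragment, TTL, protocol, checksum (left 0), src, dst
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0, 64, IPPROTO_TCP, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return eth_hdr + ip_hdr + tcp_hdr + payload


def write_pcap(path, packets):
    """Write (timestamp, frame_bytes) pairs as a little-endian libpcap file."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET))
        for ts, data in packets:
            sec = int(ts)
            usec = int(round((ts - sec) * 1_000_000))
            f.write(struct.pack("<IIII", sec, usec, len(data), len(data)) + data)


def read_pcap(path):
    """Yield (timestamp, frame_bytes) from a libpcap file, honouring the writer's byte order."""
    with open(path, "rb") as f:
        ghdr = f.read(24)
        if len(ghdr) < 24:
            raise ValueError("truncated pcap global header")
        (magic,) = struct.unpack("<I", ghdr[:4])
        if magic == PCAP_MAGIC_USEC:
            endian = "<"
        elif magic == 0xD4C3B2A1:        # same format written by a big-endian host
            endian = ">"
        else:
            raise ValueError(f"unsupported magic {magic:#x} (pcapng or nanosecond pcap?)")
        linktype = struct.unpack(endian + "I", ghdr[20:24])[0]
        if linktype != LINKTYPE_ETHERNET:
            raise ValueError(f"only Ethernet link type is decoded here, got {linktype}")
        while True:
            rhdr = f.read(16)
            if len(rhdr) < 16:
                break                     # end of file
            sec, usec, incl_len, _orig_len = struct.unpack(endian + "IIII", rhdr)
            data = f.read(incl_len)
            if len(data) < incl_len:
                break                     # capture cut off mid-packet, e.g. tcpdump was killed
            yield sec + usec / 1_000_000, data


def decode_frame(data):
    """Return src/dst IP, protocol and TCP ports for an IPv4 frame, or None otherwise."""
    if len(data) < 34 or struct.unpack("!H", data[12:14])[0] != ETHERTYPE_IPV4:
        return None
    ip = data[14:]
    ihl = (ip[0] & 0x0F) * 4              # header length in bytes; IP options make it exceed 20
    if ip[0] >> 4 != 4 or ihl < 20 or len(ip) < ihl:
        return None
    info = {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]), "proto": ip[9]}
    if info["proto"] == IPPROTO_TCP and len(ip) >= ihl + 20:
        info["sport"], info["dport"] = struct.unpack("!HH", ip[ihl:ihl + 4])
    return info


def matches(info, src=None, dst=None, port=None):
    """Emulate the filter primitives `src A`, `dst B` and `port N` (port matches either direction)."""
    if info is None:
        return False
    if src is not None and info["src"] != src:
        return False
    if dst is not None and info["dst"] != dst:
        return False
    if port is not None and port not in (info.get("sport"), info.get("dport")):
        return False
    return True


def summarize(path, **filt):
    """One tcpdump-style line per matching packet: 'src.sport > dst.dport: proto N'."""
    lines = []
    for _ts, data in read_pcap(path):
        info = decode_frame(data)
        if matches(info, **filt):
            lines.append(f"{info['src']}.{info.get('sport')} > {info['dst']}.{info.get('dport')}: proto {info['proto']}")
    return lines


def demo():
    """Write a three-packet constructed capture and apply the equivalent of `src 192.168.1.1`."""
    frames = [
        (1700000000.0001, build_eth_ipv4_tcp("192.168.1.1", "10.0.0.5", 40000, 80, b"GET / HTTP/1.1\r\n")),
        (1700000000.0002, build_eth_ipv4_tcp("10.0.0.5", "192.168.1.1", 80, 40000, b"HTTP/1.1 200 OK\r\n")),
        (1700000000.0003, build_eth_ipv4_tcp("192.168.1.1", "10.0.0.9", 40001, 443)),
    ]
    fd, path = tempfile.mkstemp(suffix=".pcap")
    os.close(fd)
    try:
        write_pcap(path, frames)
        return summarize(path, src="192.168.1.1")
    finally:
        os.remove(path)


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Only the two frames sent by 192.168.1.1 survive the filter; the reply from 10.0.0.5 is dropped, exactly as tcpdump would drop it for "src 192.168.1.1" while "host 192.168.1.1" would keep it. The byte-order check on the magic number matters when a capture taken on one machine is analysed on another, and the truncation check is why a capture file from an interrupted tcpdump run still parses up to the last complete record.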

In conclusion, TCPDump is an incredibly powerful tool for network troubleshooting and analysis. With its various options and filters, you can capture exactly the data you need to diagnose issues or monitor your network’s performance.