Tcpdump Cheatsheet

This post contains various commands that may come in useful when utilizing tcpdump. This article will be expanded upon as time goes on.

Run tcpdump to collect traffic:
sudo tcpdump -i <interface>

Run tcpdump with verbosity:
sudo tcpdump -i <interface> -v

Disable DNS Conversation:
sudo tcpdump -i <interface> -n

Quieter output:
sudo tcpdump -i <interface> -q

Specify the number of packets to capture:
sudo tcpdump -i <interface> -c 100

Filter based on ICMP requests:
sudo tcpdump -i <interface> icmp

Filter based on IP or hostname:
sudo tcpdump -i <interface> host <hostname>

Filter based on specific source/destination address:
sudo tcpdump -i <interface> src 10.0.0.1 and dst 10.0.0.2

Rather than filter based on source/destination, you can use Grep:
sudo tcpdump -i <interface> | grep <ipAddr>

Saving / Reading Output

To save output to a text file:
sudo tcpdump -i <interface> -w output_file.txt

To read output from a text file:
sudo tcpdump -i <interface> -r output_file.txt

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Connecting to %s