Tips & Tricks

Tcpdump Cheatsheet

This post contains various commands that may come in useful when utilizing tcpdump. This article will be expanded upon as time goes on.

Basic Usage

Run tcpdump to collect traffic:
sudo tcpdump -i <interface>

Run tcpdump with verbosity:
sudo tcpdump -i <interface> -v

Disable DNS Conversation:
sudo tcpdump -i <interface> -n

Quieter output:
sudo tcpdump -i <interface> -q

Specify the number of packets to capture:
sudo tcpdump -i <interface> -c 100

Applying Filters

Filter based on ICMP requests:
sudo tcpdump -i <interface> icmp

Filter based on IP or hostname:
sudo tcpdump -i <interface> host <hostname>

Filter based on specific source/destination address:
sudo tcpdump -i <interface> src and dst

Rather than filter based on source/destination, you can use Grep:
sudo tcpdump -i <interface> | grep <ipAddr>

Saving / Reading Output

To save output to a text file:
sudo tcpdump -i <interface> -w output_file.txt

To read output from a text file:
sudo tcpdump -i <interface> -r output_file.txt