Sunday, March 29, 2015

TCPDUMP – Network Packet Analyzer

This is a very important and helpful command that every system admin should know. Read this article, try the examples, and become an expert!

What is tcpdump?

tcpdump allows us to save the packets that are captured, so that we can use them for future analysis. The saved file can be viewed with the same tcpdump command.

Here are some examples to help you understand it.

1. Capture packets from a particular Ethernet interface using tcpdump -i

# tcpdump -i eth0

2. Capture only N number of packets using tcpdump -c

# tcpdump -c 2 -i eth0 [It will capture 2 packets]

3. Display captured packets in ASCII using tcpdump -A

4. Display captured packets in HEX and ASCII using tcpdump -XX

5. Capture the packets and write into a file using tcpdump -w

6. Reading the packets from a saved file using tcpdump -r

7. Capture packets with IP address using tcpdump -n

8. Capture packets with proper readable timestamp using tcpdump -tttt

9. Read packets longer than N bytes

10. Receive only the packets of a specific protocol type

11. Read packets smaller than N bytes

12. Receive packets flowing on a particular port using tcpdump port

13. Capture packets for a particular destination IP and port

14. tcpdump filter packets: capture all the packets other than arp and tcp
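
An added walk-through script, not part of the original post, that puts items 3 to 14 together as one capture-then-analyse session. The interface name, the capture file name, the 50-packet limit, the 1024-byte size, port 22 and the 192.0.2.10 address are placeholder assumptions; the filters are run against the saved file so that every command terminates, and the same expressions work after -i on a live capture.

```shell
#!/bin/sh
# Added example: a constructed walk-through of items 3-14, not the author's commands.
# Interface, file name and 192.0.2.10 are placeholders (assumptions).
# Default is a dry run that only prints each command; set DRY_RUN=0 and run
# as root to actually execute them.
DRY_RUN="${DRY_RUN:-1}"

run() {
    echo "+ $*"
    [ "$DRY_RUN" = "0" ] || return 0
    "$@"
}

tcpdump_walkthrough() {
    iface="$1"; pcap="$2"

    # 5. Write 50 raw packets to a file instead of printing them.
    run tcpdump -c 50 -i "$iface" -w "$pcap"
    # A capture holds full payloads (passwords, cookies): owner-only access.
    run chmod 600 "$pcap"

    # 6, 7, 8. Read the file back; -n keeps numeric IP addresses (no DNS
    # lookups), -tttt prints a date and time stamp on every line.
    run tcpdump -n -tttt -r "$pcap"
    # 3. Payload as ASCII (useful for plaintext protocols).
    run tcpdump -A -r "$pcap"
    # 4. Hex and ASCII, including the link-level header.
    run tcpdump -XX -r "$pcap"

    # 9, 11. Size filters: "greater N" matches length >= N, "less N" <= N.
    run tcpdump -n -r "$pcap" greater 1024
    run tcpdump -n -r "$pcap" less 1024
    # 10. One protocol only (arp here; tcp, udp, icmp work the same way).
    run tcpdump -n -r "$pcap" arp
    # 12. Traffic to or from one port.
    run tcpdump -n -r "$pcap" port 22
    # 13. One destination IP and port, combined with "and".
    run tcpdump -n -r "$pcap" dst 192.0.2.10 and port 22
    # 14. Everything except arp and tcp.
    run tcpdump -n -r "$pcap" not arp and not tcp
}

tcpdump_walkthrough "${1:-eth0}" "${2:-capture.pcap}"
```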





Thank you !!