tcpdump

tcpdump [ -AbdDefIKlLnNOpqRStuUvxX ] [ -B buffer_size ] [ -c count ]
        [ -C file_size ] [ -G rotate_seconds ] [ -F file ]
        [ -i interface ] [ -m module ] [ -M secret ]
        [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
        [ -W filecount ]
        [ -E spi@ipaddr algo:secret,...  ]
        [ -y datalinktype ] [ -z postrotate-command ] [ -Z user ]
        [ expression ]

tcpdump captures packets efficiently from the network. They can either be displayed as they are received or saved to a file for later processing.

The Linux version of snoop.

Examples

Capture all traffic on the default interface

$ sudo tcpdump

Capture all traffic featuring host loki

$ sudo tcpdump host loki

Capture all traffic from loki

$ sudo tcpdump src loki

Capture all traffic to loki

$ sudo tcpdump dst loki

Capture all ICMP (ping) traffic from host loki

$ sudo tcpdump icmp and src loki

Write traffic to a file

$ sudo tcpdump -w output.cap

Analyse a capture file

$ sudo tcpdump -r output.cap

shellspells beta

tcpdump

Examples