These are notes I made while surfing the web looking into TCP Dump. You will most likely need to use
sudo to run most of the commands, but I'm leaving it off to make it shorter.
About TCP Dump
- It has rich filtering capabilities and can filter while capturing packets (the filter limits what is captured, not just what is displayed), but it doesn't have the analysis tools that something like Wireshark has [1]. A common split is to capture and save with tcpdump, then open the resulting .pcap file in Wireshark for analysis.
You can ask tcpdump which interfaces it is able to listen to with the -D flag [2].
Capture packets on an interface
To capture packets on an interface you pass its name to the -i flag [2] (here the interface I'll use is eno1):
tcpdump -i eno1
On Linux, -i any captures on every interface at once. Stop the capture with Ctrl-C, or pass -c N to stop after N packets.
Save the packet capture to a file
The default behavior is for tcpdump to print decoded packets to standard output; to have it save the raw packets to a file instead use the -w flag [2] (you can call the file anything, I'll call it dump.pcap):
tcpdump -i eno1 -w dump.pcap
Nothing is printed while writing, and the file is binary pcap rather than text; read it back with tcpdump -r dump.pcap (the same filter expressions work with -r) or open it in Wireshark.
Increase the verbosity of the capture
To increase the amount of detail that's printed, pass multiple v arguments [2] (in this case I'll use -vvv):
tcpdump -i eno1 -vvv -w dump.pcap
Note that -v only changes how much tcpdump prints when it decodes packets; it doesn't change what goes into the file. Combined with -w as above it just makes tcpdump report the packet count periodically, so the place -vvv really pays off is when reading the capture back with -r.
By IP address
You can get all the packets being sent or received by a host using the host argument (it matches the address as either source or destination):
tcpdump host 192.168.1.12
By Sender IP Address
To keep only the packets coming from a specific sender use the src host argument; it takes the same form as dst host below.
By Target IP Address
To filter out all the packets except those that are going to a specific target use the dst host argument [2].
tcpdump -i eno1 dst host 192.168.1.1
Sender and Target IP Addresses
You can combine parameters using the logical operators and, or and not (also written &&, || and !), with parentheses for grouping. host is the default qualifier, so src 192.168.1.1 is shorthand for src host 192.168.1.1.
tcpdump 'src 192.168.1.1 and dst 192.168.1.12'
The single quotes are optional here and just pass the whole filter to tcpdump as one argument; they become necessary once the expression contains characters the shell would otherwise interpret, such as parentheses or !.
By port and/or protocol
tcpdump tcp port 22
You can use tcp, udp or icmp for the protocol [4] (icmp has no ports, so it is used on its own, as in tcpdump icmp). The pcap filter syntax has no comma-separated port list, so port 22,80 is a syntax error; to match several ports join them with or (a second port keyword is implied after the or), or use portrange 20-25 for a contiguous range:
tcpdump 'tcp port 22 or 80'
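The host, src host, dst host and port filters from the sections above, applied offline to a capture in the format tcpdump -w writes. This is an added example, not code from the original notes or from tcpdump itself: the capture is constructed in-process with made-up addresses, ports and MAC addresses, so it runs without root or a network, and the decoder handles only Ethernet/IPv4 carrying TCP, UDP or ICMP. The predicate helpers (host, src_host, dst_host, proto, port, and_) are my names for the corresponding pcap-filter primitives; port(22, 80) is the equivalent of 'port 22 or 80', since no comma form exists.

```python
# Added example, not tcpdump's code: decode a classic pcap file (the format `tcpdump -w`
# writes) and apply host/src/dst/proto/port filters offline. Constructed capture, made-up addresses.
import socket
import struct

PCAP_MAGIC = 0xA1B2C3D4   # microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1
IP_PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def parse_pcap(data):
    """Return one dict per IPv4 packet: src, dst, proto, sport, dport."""
    magic, = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        order = "<"       # written by a little-endian host
    elif magic == 0xD4C3B2A1:
        order = ">"       # written by a big-endian host
    else:
        raise ValueError("not a classic pcap file (pcapng? read it with tcpdump -r)")
    linktype = struct.unpack(order + "HHiIII", data[4:24])[5]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("this example only decodes Ethernet captures")
    frames, off = [], 24
    while off + 16 <= len(data):   # 16-byte record header, then incl_len bytes of frame
        incl_len = struct.unpack(order + "IIII", data[off:off + 16])[2]
        frames.append(data[off + 16:off + 16 + incl_len])
        off += 16 + incl_len
    return [p for p in map(decode_ipv4, frames) if p is not None]

def decode_ipv4(frame):
    """Decode Ethernet/IPv4 carrying TCP, UDP or ICMP; None for anything else."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # EtherType IPv4 only
        return None
    ip = frame[14:]
    ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport = dport = None
    if proto in (6, 17) and len(ip) >= ihl + 4:   # TCP and UDP share the port layout
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {"src": src, "dst": dst, "proto": IP_PROTO.get(proto, str(proto)),
            "sport": sport, "dport": dport}

# pcap-filter primitives as predicates: host matches either direction (like tcpdump's
# `host`), src_host/dst_host pin one; port(22, 80) is `port 22 or 80` (no comma form exists).
def host(ip):
    return lambda p: ip in (p["src"], p["dst"])

def src_host(ip):
    return lambda p: p["src"] == ip

def dst_host(ip):
    return lambda p: p["dst"] == ip

def proto(name):
    return lambda p: p["proto"] == name

def port(*nums):
    return lambda p: p["sport"] in nums or p["dport"] in nums

def and_(*preds):
    return lambda p: all(f(p) for f in preds)

def count_matching(data, pred):
    return sum(1 for p in parse_pcap(data) if pred(p))

# --- constructed capture standing in for the output of `tcpdump -i eno1 -w dump.pcap` ---
def build_frame(src, dst, name, sport=0, dport=0):
    """Ethernet/IPv4 frame with a minimal TCP, UDP or ICMP header (checksums left 0)."""
    if name == "tcp":    # 20-byte header with only SYN set
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    elif name == "udp":
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:                # ICMP echo request
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)
    pnum = {"tcp": 6, "udp": 17, "icmp": 1}[name]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0, 64, pnum, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return bytes.fromhex("001122334455" "66778899aabb" "0800") + ip + l4  # made-up MACs

def write_pcap(frames):
    """Serialize frames as little-endian classic pcap, as -w does on x86 Linux."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    for n, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + n, 0, len(frame), len(frame)) + frame
    return out

SAMPLE_CAPTURE = write_pcap([
    build_frame("192.168.1.12", "192.168.1.1", "tcp", 51000, 22),  # ssh to the gateway
    build_frame("192.168.1.1", "192.168.1.12", "tcp", 22, 51000),  # ssh reply
    build_frame("192.168.1.12", "10.0.0.5", "tcp", 51001, 80),     # http to another host
    build_frame("192.168.1.12", "192.168.1.1", "udp", 40000, 53),  # dns query
    build_frame("192.168.1.1", "192.168.1.12", "icmp"),            # icmp echo
])

if __name__ == "__main__":
    for text, pred in [("host 192.168.1.12", host("192.168.1.12")),
                       ("tcp port 22 or 80", and_(proto("tcp"), port(22, 80)))]:
        print(f"{text:25} {count_matching(SAMPLE_CAPTURE, pred)} packet(s)")
```

Real captures also contain VLAN tags, IPv6, ARP and possibly non-Ethernet link types, all of which this decoder skips or rejects; for real data the tool is tcpdump -r dump.pcap with the same filter expressions. The point of the script is to make the filter semantics visible: host counts both directions, src host and dst host count one, and a multi-port match is a disjunction, which is why the shell-level 'port 22,80' has no meaning to tcpdump.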
Turn off hostname and port translation
The default behavior for tcpdump is to translate hostnames and ports to something human-readable if possible. To turn this off you pass in the -n argument [3]. Since this stops tcpdump having to look things up it reduces its overhead, and it also keeps the capture host from sending a reverse-DNS query for every address it sees, which would both stall the display on a slow resolver and tell that resolver which addresses you are looking at. You will often see -nn; with current tcpdump -n alone already covers both host and port names (per its man page), and the second n is harmless.
tcpdump -n -i eno1 port 22
[1] Diogenes, Y. & Ozkaya, E. (2018). Cybersecurity, Attack and Defense Strategies: infrastructure security with Red Team and Blue Team tactics. Birmingham, UK: Packt Publishing.
[2] Johansen, G. (2017). Digital forensics and incident response: an intelligent way to respond to attacks. Birmingham, UK: Packt Publishing.
[3] Beltrame, J. (2017). Penetration testing bootcamp: quickly get up and running with pentesting techniques. Birmingham, UK: Packt Publishing.
[4] McPhee & Beltrame, J. (2016). Penetration testing with Raspberry Pi: learn the art of building a low-cost, portable hacking arsenal using Raspberry Pi 3 and Kali Linux 2. Birmingham, UK: Packt Publishing.
[5] Baxter, J., Orzach, Y. & Mishra, C. (2017). Wireshark revealed: essential skills for IT professionals: get up and running with Wireshark to analyze your network effectively. Birmingham, UK: Packt Publishing.