TcpDump to Capture and Read Network Packets

Geeks you must be aware of Network Protocol Analyzers as there are couple of commands like “tcpdump” etc. in standard RHCE Training module.

So here I am showing you a very simple way of using tcpdump to capture data packets in a file and then reading them.

Here I had used the simple tcpdump command – tcpdump -w todayresult.pcap -i eth0

You are free to use many useful options provided by tcpdump. Some interesting options are:

-c <n> – by default tcpdump will keep on giving you or storing the output unless you press ctrl+c. So instead you can specify like say “-c 5” option to give you only 5 packets captured.

-n – Like in IPTables, by default tcpdump will try to resolve the names. If you want to skip that use -n i.e no name resolution.

fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp and udp – You can use any of these protocols to be captured. Like I can give – “tcpdump -i eth0 tcp”. Just to capture only “tcp” packets.

PS: You can add “not”, “and” & “or” in front of any protocol for specific capturing. Like – tcpdump -i eth0 not arp not udp

There are many more interesting options to dig. But I am ending it there.

Below is the snapshot from my machine showing you how to capture packets, redirecting it in a file and then reading them.

Using tcpdump to capture and read packets

Using tcpdump to capture and read packets

Advertisements