In CentOS / RHEL, use:
sudo yum install -y tcpdump

If you are using Arch Linux or Manjaro, use:
sudo pacman -S tcpdump

Once it is successfully installed you can start using it. The general syntax of the tcpdump command in Linux is given below.

You always need to run this command in privileged mode, otherwise you will get an error that the operation is not permitted. So add sudo whenever you run this command. You can find a detailed list of options on the tcpdump man page.

The most basic use of tcpdump is to run it without any options or arguments. When no interface is specified, tcpdump uses the first interface it finds and dumps all packets going through that interface. The command starts capturing packets and continues until it receives an interrupt signal. This will display output something like this:

How to display the list of all available interfaces in Linux
You can use the option --list-interfaces or -D to see the list of interfaces available for capturing packets. This command displays the list of interfaces and their state.

How to capture packets from a specific network interface
To capture packets from a specific network interface, use the option -i or --interface with the tcpdump command, for example -i wlp1s0 to capture packets from the wlp1s0 interface. You need to interrupt this command manually to stop it capturing packets: press Ctrl+C.

How to specify the number of packets to capture
By using the option -c you can limit the number of packets that tcpdump will capture. For example, to stop capturing packets from the wlp1s0 interface after 10 packets, use:
sudo tcpdump -i wlp1s0 -c 10
As you can see in the output, the command automatically stops capturing after it has captured 10 packets.

To save the packets captured by tcpdump into a file, use the option -w (for write). Run the given command in your terminal:
sudo tcpdump -i any -c 10 -w captured_packets.pcap
You will see the message that 10 packets were captured, and the output is saved in the captured_packets.pcap file.

When troubleshooting the network it is often easier to work with IP addresses and port numbers. The option -n disables name resolution, and -nn also disables port (service name) resolution.

The tcpdump command shows the information of each packet on a new line. It is capable of capturing and decoding many different protocols, such as TCP, UDP, ICMP, etc. The typical syntax of a line displayed in the output is given below.

The first field is the timestamp, displayed in the hours:minutes:seconds.frac format, where frac is the fraction of a second since midnight.
IP – The second field shows the name of the protocol; in this example it is the Internet Protocol.
192.168.43.112.56786 – This shows the source IPv4 address; the last field (after the final dot) is the port number.
23.57.14.17.443 – The next field shows the destination IP address and port number, separated by a dot.
Flags – Here the TCP flag field shows FIN (finish connection) and ACK (acknowledgement). This field can have a combination of the given values.
Seq 1102422200 – This field describes the portion of sequence space covered by the data in this packet.
Ack 4106543340 – This is the sequence number of the next data expected from the other direction on this connection.
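The output line format walked through above, turned into an added example (my code, not the tutorial's): a POSIX sh/awk function that splits one -n style tcpdump line into its fields, separating address from port at the last dot, plus a helper that converts the timestamp to seconds since midnight. The sample line is constructed, not captured from any real host.

```shell
#!/bin/sh
# Added example: parse one line of tcpdump's text output (as printed with -n,
# i.e. no name resolution) into tab-separated fields, and convert the
# timestamp to seconds since midnight. Constructed sample line; the addresses,
# ports and sequence numbers mirror the fields explained in the text above.
SAMPLE='17:42:10.123456 IP 192.168.43.112.56786 > 23.57.14.17.443: Flags [F.], seq 1102422200, ack 4106543340, win 501, length 0'

# Output: time proto src_ip src_port dst_ip dst_port flags seq ack (tab-separated)
parse_tcpdump_line() {
    printf '%s\n' "$1" | awk '{
        ts = $1; proto = $2; src = $3; dst = $5
        sub(/:$/, "", dst)                      # strip the colon after the destination
        # tcpdump separates address and port with a dot, so the port is the text
        # after the LAST dot and the address is everything before it
        n = split(src, a, "[.]"); sport = a[n]
        sip = substr(src, 1, length(src) - length(sport) - 1)
        n = split(dst, b, "[.]"); dport = b[n]
        dip = substr(dst, 1, length(dst) - length(dport) - 1)
        flags = ""; seq = ""; ack = ""
        for (i = 6; i < NF; i++) {              # keyword/value pairs, values end in ","
            if ($i == "Flags") { flags = $(i+1); sub(/,$/, "", flags) }
            if ($i == "seq")   { seq = $(i+1);   sub(/,$/, "", seq) }
            if ($i == "ack")   { ack = $(i+1);   sub(/,$/, "", ack) }
        }
        printf "%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n", ts, proto, sip, sport, dip, dport, flags, seq, ack
    }'
}

# Timestamp hh:mm:ss.frac -> seconds since midnight, keeping the fraction
seconds_since_midnight() {
    printf '%s\n' "$1" | awk -F: '{ printf "%.6f\n", $1 * 3600 + $2 * 60 + $3 }'
}

parse_tcpdump_line "$SAMPLE"
seconds_since_midnight "$(printf '%s\n' "$SAMPLE" | cut -d' ' -f1)"
```

Feed it real lines with `sudo tcpdump -n -l ... | while read -r line; do parse_tcpdump_line "$line"; done` (the -l flag line-buffers tcpdump's output so the pipeline sees each packet as it arrives).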