TCPdump

How to Use TCPdump?

by

TCPdump is a powerful command-line tool used to capture and analyze network traffic in real time. For anyone working in networking, security, or system administration, knowing how to use it is an essential skill.

It allows you to monitor packets traveling through a network interface. Unlike graphical tools, it operates directly from the terminal, making it lightweight and ideal for servers without a desktop environment.

What Does TCPdump Do?

When you run it, it listens on a selected network interface and displays captured packets. This includes information such as:

  • Source and destination IP addresses
  • Ports
  • Protocol type (TCP, UDP, ICMP)
  • Packet flags

Because this tool works at the packet level, it is extremely useful for troubleshooting connectivity issues and analyzing suspicious activity.

Basic Command

A simple command looks like this:

tcpdump -i eth0

This captures traffic on the “eth0” interface. If you want more readable output, you can add:

tcpdump -i eth0 -n

The -n option prevents hostname resolution, making output faster and clearer.

Using Filters in TCPdump

One of the most powerful features of this command is filtering. Filters allow you to capture only relevant traffic.

For example:

  • Capture traffic from a specific host:
    tcpdump host 192.168.1.10
  • Capture traffic on port 80:
    tcpdump port 80
  • Capture only TCP packets:
    tcpdump tcp

These filters make it efficient and precise when diagnosing issues.

Saving Captured Traffic

It can also save captured packets to a file for later analysis:

tcpdump -w capture.pcap

The saved file can then be opened in tools like Wireshark for deeper inspection.

Why Learn It?

It gives you direct visibility into what is happening on your network. It helps identify:

  • Failed connections
  • Latency issues
  • Suspicious traffic
  • Misconfigured services

Because it is lightweight and widely available on Linux systems, it is often the first tool engineers use when debugging network problems.

Conclusion

The command may seem intimidating at first, but its basic commands are straightforward. Once you understand filtering and capture options, it becomes an indispensable troubleshooting tool.

If you want deeper insight into network communication, learning the tool is a smart investment.