Q: What does tcpdump do? A: Packet capture
Q: What else can capture packets besides tcpdump? A: Wireshark
Q: Why not Wireshark? A: Wireshark cannot be used on the Linux command line

  • Description of the tcpdump command and an example
  • Series: What did I do when I had a server

Description of the tcpdump command

Key options

  • -c count: Stop after capturing count packets
  • -i interface: Specifies the network interface to capture on, commonly eth0 or lo; run ifconfig to print all network interfaces
  • -vv: Print as much information as possible

The filter

Filters, as the name implies, select only part of the captured traffic, and they use the pcap-filter syntax

So you can check the pcap-filter manual:

# View all filters
$ man pcap-filter

Filters can be divided into three simple categories

  • type: there are four types, host, net, port and portrange
    • tcpdump port 22
    • tcpdump port ssh
  • dir: direction of the traffic, src (source address) or dst (destination address)
    • tcpdump src port ssh
  • proto: protocol, one of ip, arp, rarp, tcp, udp or icmp
    • tcpdump icmp

tcpdump examples

  • Command: netstat -i Description: Displays all network interfaces

  • Command: tcpdump -i eth0 Description: Capture the packets on the network interface eth0

  • Command: tcpdump host 172.18.0.10 Description: Capture packets sent to or from 172.18.0.10

  • Command: tcpdump net 172.18.0.0/24 Description: Capture all packets on the network 172.18.0.0/24 (give the network address; libpcap rejects a prefix with host bits set, such as 172.18.0.1/24, with "non-network bits set")

  • Command: tcpdump tcp port 443 Description: Capture HTTPS traffic (filter keywords are lowercase; TCP would be a syntax error)

  • Command: tcpdump tcp port 443 and host 172.18.0.10 Description: Capture HTTPS traffic whose source or destination IP address is 172.18.0.10

  • Command: tcpdump icmp Description: Capture ICMP traffic (such as the typical ping command)

  • Command: tcpdump arp Description: Capture ARP traffic

  • Command: tcpdump 'tcp[tcpflags] == tcp-syn' Description: Match packets whose TCP flags are exactly SYN, that is, the first packet of the three-way handshake; to match every packet with SYN set, including the SYN-ACK, use 'tcp[tcpflags] & tcp-syn != 0'

  • Command: tcpdump -l -vv -A tcp port 80 | grep 'Host:' Description: Find the Host header of every HTTP request; -A prints the packet payload as ASCII (without it the header is never printed) and -l line-buffers the output so grep sees each line as soon as it is captured
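As an added example (not code from the original post): composing the three filter categories above into one expression, and a small awk pass over lines in the format that tcpdump -n prints for the SYN filter, counting SYN-only packets per source so a host probing many ports stands out. The function names and the sample lines are constructed here, not a real capture.

```bash
#!/bin/sh
# Constructed sample of `tcpdump -n 'tcp[tcpflags] == tcp-syn'` output (not a real capture).
SAMPLE_SYN_LINES='12:00:01.000001 IP 172.18.0.5.51234 > 172.18.0.10.22: Flags [S], seq 1, win 64240, length 0
12:00:01.000002 IP 172.18.0.5.51235 > 172.18.0.10.80: Flags [S], seq 2, win 64240, length 0
12:00:01.000003 IP 172.18.0.5.51236 > 172.18.0.10.443: Flags [S], seq 3, win 64240, length 0
12:00:02.000001 IP 172.18.0.7.40000 > 172.18.0.10.443: Flags [S], seq 4, win 64240, length 0'

# Compose a pcap-filter expression from a host (type), an optional port (type)
# and an optional protocol (proto), joined with "and":
#   build_filter 172.18.0.10 443 tcp  ->  host 172.18.0.10 and port 443 and tcp
build_filter() {
    host=$1; port=$2; proto=$3
    expr="host $host"
    [ -n "$port" ] && expr="$expr and port $port"
    [ -n "$proto" ] && expr="$expr and $proto"
    printf '%s\n' "$expr"
}

# Count SYN-only packets per source address and the number of distinct
# destination ports it touched. Output: "<src_ip> <syn_count> <distinct_ports>",
# sorted by SYN count, highest first.
syn_sources() {
    printf '%s\n' "$1" | awk '
        $2 == "IP" && $7 == "[S]," {
            src = $3; sub(/\.[0-9]+$/, "", src)      # strip the source port
            dst = $5; sub(/:$/, "", dst)             # drop the trailing colon
            port = dst; sub(/.*\./, "", port)        # keep only the destination port
            count[src]++
            if (!((src, port) in seen)) { seen[src, port] = 1; ports[src]++ }
        }
        END { for (s in count) printf "%s %d %d\n", s, count[s], ports[s] }
    ' | sort -k2,2nr
}

# Sources whose SYN-only packets hit at least $2 distinct destination ports
# (the threshold is a constructed tuning value).
scan_suspects() {
    syn_sources "$1" | awk -v min="$2" '$3 >= min { print $1 }'
}
```

Feed real output with `tcpdump -n -l 'tcp[tcpflags] == tcp-syn' | ...` in place of the sample text; the parser only relies on the `IP src > dst: Flags [S],` layout.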

Related articles

  • A tcpdump Tutorial with Examples — 50 Ways to Isolate Traffic

I am Shanyue, a programmer who likes running and climbing mountains. I will regularly share full stack articles in my personal official account. If you are interested in full stack interviews, front-end engineering, GraphQL, Devops, personal server operations and microservices, please follow me