What is TCPDUMP?
🔍 tcpdump is a widely-used command-line packet analyzer for capturing & analyzing network traffic. It's an essential tool for network troubleshooting and security analysis. Live capture needs root or the CAP_NET_RAW/CAP_NET_ADMIN capabilities; most examples below omit sudo for brevity, but reading a saved file with -r needs only read access to that file.
Let's explore some common use cases with these 15 examples! #TCPdump #NetworkAnalysis
1) Capture All Traffic:
$ sudo tcpdump -i eth0
Capture traffic on interface eth0 and display packet details in real-time.
2) Save Captured Traffic to a File:
$ sudo tcpdump -i eth0 -w capture.pcap
Capture traffic on eth0 and save it to a file named "capture.pcap" for further analysis. With -w nothing is decoded or printed: raw packets are written in pcap format, which tcpdump -r and Wireshark both read. On a busy link, bound the capture with -c, or rotate files with -C and -W.
3) Display Captured Traffic:
$ tcpdump -r capture.pcap
Read and display packet details from a previously captured file "capture.pcap".
4) Filter Traffic by Source IP:
$ tcpdump src 192.168.0.1
Capture packets originating from a specific source IP address, such as 192.168.0.1.
5) Filter Traffic by Destination IP:
$ tcpdump dst 192.168.0.1
Capture packets destined for a specific IP address, e.g., 192.168.0.1.
6) Filter Traffic by Port:
$ tcpdump port 80
Capture packets whose source or destination port is 80 (HTTP), TCP or UDP alike; use "src port 80" or "dst port 80" to select one direction only.
7) Filter Traffic by Protocol:
$ tcpdump icmp
Capture packets using a specific network protocol, such as ICMP (ping).
8) Display Traffic in ASCII:
$ tcpdump -A
Print each packet's payload as ASCII (non-printable bytes show as dots), which is handy for cleartext protocols such as HTTP; pair it with a filter, since binary traffic makes the output unreadable.
9) Display Traffic in Hexadecimal:
$ tcpdump -X
Show packet contents in hexadecimal and ASCII side by side, starting at the IP header; -XX also includes the link-layer (Ethernet) header.
10) Capture Specific Number of Packets:
$ tcpdump -c 100
Capture only the first 100 packets and then exit.
$ tcpdump -c 100
Capture only the first 100 packets and then exit.
11) Capture and Display IPv6 Traffic:
$ tcpdump ip6
Capture only IPv6 packets using the ip6 filter keyword (tcpdump has no -6 option, and "ip" selects IPv4 only). It combines like any other primitive, e.g. "ip6 and tcp port 22".
12) Display Captured Traffic in Timestamp Format:
$ tcpdump -tttt
Print each packet with the full date and time (e.g. 2024-05-01 10:15:32.123456) instead of the default time-of-day only; -ttt instead prints the delta since the previous packet, which is useful for timing analysis.
13) Capture Traffic on a Specific Interface:
$ tcpdump -i wlan0
Capture network traffic on a specific interface, such as wlan0 (wireless interface).
14) Capture Specific Protocol and Port:
$ tcpdump tcp port 443
Capture only TCP packets on port 443 (HTTPS) for analysis.
15) Filter Traffic by Source and Destination:
$ tcpdump src 192.168.0.1 and dst 192.168.0.2
Capture packets between a specific source IP (192.168.0.1) and destination IP (192.168.0.2).
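As an added example (not code from the original thread or from tcpdump itself), here is what the file written by -w and read by -r actually contains, and how the filters in examples 4-7, 14 and 15 map onto packet header fields. It builds a few constructed Ethernet/IPv4 frames (checksums zeroed, nothing is captured from a real network), writes them in classic pcap format, reads them back and applies src/dst/port/protocol predicates. The addresses, ports and MAC bytes are invented for illustration.

```python
"""Added example (not from the original thread or from tcpdump): write a tiny
pcap file the way `tcpdump -w` does, read it back the way `tcpdump -r` does,
and apply filters equivalent to the thread's `src`, `dst`, `port`, `icmp`,
`tcp port 443` and `src ... and dst ...` expressions. Standard library only;
every packet is constructed here, not captured."""
import socket
import struct
import tempfile
from pathlib import Path

PCAP_MAGIC = 0xA1B2C3D4        # classic microsecond-resolution pcap magic
LINKTYPE_ETHERNET = 1
PROTO_NAME = {1: "icmp", 6: "tcp", 17: "udp"}
PROTO_NUM = {v: k for k, v in PROTO_NAME.items()}


def build_packet(src, dst, proto, sport=0, dport=0, payload=b""):
    """Ethernet + IPv4 + TCP/UDP/ICMP-echo frame. Checksums are left zero
    because these are constructed samples, not real captured packets."""
    if proto == "tcp":
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, 0x18, 65535, 0, 0)
    elif proto == "udp":
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    else:
        l4 = struct.pack("!BBHHH", 8, 0, 0, 1, 1)      # ICMP echo request
    l4 += payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 1, 0x4000, 64,
                     PROTO_NUM[proto], 0, socket.inet_aton(src), socket.inet_aton(dst))
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"     # dst MAC, src MAC, EtherType IPv4
    return eth + ip + l4


def write_pcap(path, frames):
    """Emit the 24-byte global header, then a 16-byte record header per frame."""
    with open(path, "wb") as f:
        f.write(struct.pack("=IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            f.write(struct.pack("=IIII", 1_700_000_000 + i, 0, len(frame), len(frame)))
            f.write(frame)


def read_pcap(path):
    """Yield (timestamp, frame) pairs; byte order is taken from the magic, as tcpdump does."""
    data = Path(path).read_bytes()
    endian = next((e for e in ("<", ">") if struct.unpack(e + "I", data[:4])[0] == PCAP_MAGIC), None)
    if endian is None:
        raise ValueError("not a classic pcap file (magic mismatch)")
    if struct.unpack(endian + "I", data[20:24])[0] != LINKTYPE_ETHERNET:
        raise ValueError("only LINKTYPE_ETHERNET captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec + ts_usec / 1e6, data[off:off + incl_len]
        off += incl_len


def decode(frame):
    """Extract the fields the thread's filters test: hosts, protocol and ports."""
    if frame[12:14] != b"\x08\x00":
        return None                                    # not IPv4 (an `ip6` filter would branch here)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto = PROTO_NAME.get(ip[9], str(ip[9]))
    sport = dport = None
    if proto in ("tcp", "udp"):
        sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(ip[12:16]), "dst": socket.inet_ntoa(ip[16:20]),
            "proto": proto, "sport": sport, "dport": dport}


def matches(p, src=None, dst=None, port=None, proto=None):
    """Mirror the BPF primitives: src host, dst host, port (either direction), protocol keyword."""
    return ((src is None or p["src"] == src) and (dst is None or p["dst"] == dst)
            and (proto is None or p["proto"] == proto)
            and (port is None or port in (p["sport"], p["dport"])))


def filter_pcap(path, **expr):
    """Return tcpdump-style one-liners (proto src.port > dst.port) for matching frames."""
    def ep(host, port):
        return host if port is None else f"{host}.{port}"
    return [f"{p['proto']} {ep(p['src'], p['sport'])} > {ep(p['dst'], p['dport'])}"
            for _ts, frame in read_pcap(path) if (p := decode(frame)) and matches(p, **expr)]


SAMPLE = [   # constructed LAN traffic: an HTTPS exchange, a DNS query, a ping, an inbound HTTP request
    build_packet("192.168.0.1", "192.168.0.2", "tcp", 51000, 443),
    build_packet("192.168.0.2", "192.168.0.1", "tcp", 443, 51000),
    build_packet("192.168.0.1", "192.168.0.2", "udp", 51001, 53),
    build_packet("192.168.0.1", "192.168.0.3", "icmp"),
    build_packet("10.0.0.5", "192.168.0.2", "tcp", 40000, 80),
]


def demo():
    """Write SAMPLE to a temporary capture.pcap and run the thread's filters against it."""
    path = Path(tempfile.mkdtemp()) / "capture.pcap"
    write_pcap(path, SAMPLE)
    return {expr: filter_pcap(path, **kw) for expr, kw in {
        "src 192.168.0.1": dict(src="192.168.0.1"),
        "dst 192.168.0.1": dict(dst="192.168.0.1"),
        "port 443": dict(port=443),
        "icmp": dict(proto="icmp"),
        "tcp port 443": dict(proto="tcp", port=443),
        "src 192.168.0.1 and dst 192.168.0.2": dict(src="192.168.0.1", dst="192.168.0.2"),
    }.items()}


if __name__ == "__main__":
    for expr, lines in demo().items():
        print(f"$ tcpdump -r capture.pcap '{expr}'   # {len(lines)} match(es)")
        for line in lines:
            print("    " + line)
```

Run it to see each filter's matches printed in tcpdump's src.port > dst.port style. The real tcpdump compiles the same predicates to BPF and applies them in the kernel before packets reach user space, which is why a tight capture filter is cheaper than recording everything and filtering with -r afterwards.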
🔍 TCPdump offers advanced capabilities for in-depth network analysis. Let's explore some complex examples that demonstrate the power and flexibility of TCPdump in capturing and dissecting network packets. Get ready for an exciting journey into advanced network analysis! #TCPdump
1) Capture HTTP Request and Response Headers:
$ tcpdump -i eth0 -s 0 -A -n 'tcp port 80'
Capture and display HTTP traffic on port 80, including both request and response headers (-A for ASCII output). Use "port 80" rather than "dst port 80": the latter matches only packets sent to the server, so responses would be missing. -n disables DNS and port-name lookups, which keeps output fast and stops the capture host from generating its own DNS queries; -s 0 forces full-packet capture, which is already the default snaplen (262144 bytes) on tcpdump 4.0 and later.
2) Filter Traffic by IP Range and Protocol:
$ tcpdump -i eth0 'net 192.168.0.0/24 and (tcp port 22 or icmp)'
Capture packets with either endpoint in 192.168.0.0/24 that are SSH (TCP port 22) or ICMP. "net" matches source or destination; use "src net" or "dst net" to restrict it to one side.
3) Capture DNS Traffic with Verbose Decoding:
$ tcpdump -i eth0 'udp port 53' -nnvvv
Capture DNS packets on UDP port 53 and decode them in full (-vvv); -nn turns off hostname and port-name resolution so the capture itself does not trigger extra lookups. Large responses and zone transfers fall back to TCP, so use 'port 53' to catch those as well.
4) Capture FTP Control Channel Traffic:
$ tcpdump -i eth0 -s 0 'tcp port 21'
Capture FTP control channel traffic on port 21, which includes commands and responses exchanged between the FTP client and server. FTP is cleartext, so adding -A shows USER and PASS lines in the clear; the data channel uses separate ports and is not matched by this filter.
5) Monitor SSH Connections:
$ tcpdump -i eth0 'tcp port 22' -l -e
Monitor SSH connections by capturing packets on port 22; -l line-buffers stdout so output appears immediately when piped (e.g. to tee or grep), and -e prints the link-layer header, showing the MAC addresses on each packet. SSH payloads are encrypted, so this shows who is connecting and when, not what is typed.
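As an added example (not from the original thread or from tcpdump), here is how a practitioner turns the -X hex dump from example 9 back into bytes and pulls the question out of a DNS query like the ones example 3 above captures. The dump text below is constructed to match tcpdump's -X layout (offset, eight groups of four hex digits, ASCII column; the dump starts at the IP header, -XX would also include Ethernet) for one A query for example.com, with IP/UDP checksums zeroed; the addresses, source port and transaction ID are invented. The name decoder follows compression pointers with a hop limit, because a crafted response can loop pointers and hang a naive parser.

```python
"""Added example (not from the original thread or from tcpdump): turn the hex
dump that `tcpdump -X` prints back into bytes and decode the DNS question
inside it. Standard library only. SAMPLE_X is a constructed dump, not a real
capture: it mimics tcpdump's layout for one A query for example.com, with
the IP and UDP checksums zeroed."""
import re
import struct

SAMPLE_X = """\
\t0x0000:  4500 0039 0001 0000 4011 0000 c0a8 0001  E..9....@.......
\t0x0010:  c0a8 00fe c3e0 0035 0025 0000 1234 0100  .......5.%...4..
\t0x0020:  0001 0000 0000 0000 0765 7861 6d70 6c65  .........example
\t0x0030:  0363 6f6d 0000 0100 01                   .com.....
"""

# offset, colon, then hex groups separated by single spaces; the ASCII column
# is separated by at least two spaces, so the run of hex groups stops there.
HEXLINE = re.compile(r"^\s*0x([0-9a-fA-F]{4}):\s+((?:[0-9a-fA-F]{2,4} ?)+)")


def hexdump_to_bytes(text):
    """Reassemble packet bytes from -X output (starts at the IP header; -XX would start at Ethernet)."""
    out = bytearray()
    for line in text.splitlines():
        m = HEXLINE.match(line)
        if not m:
            continue                              # summary lines, blank lines
        if int(m.group(1), 16) != len(out):
            raise ValueError(f"offset 0x{m.group(1)} does not follow the previous line")
        out += bytes.fromhex(m.group(2))
    return bytes(out)


def read_name(msg, off, max_hops=16):
    """Decode a DNS name, following RFC 1035 compression pointers with a hop
    limit so a crafted pointer loop cannot hang the parser. Returns (name, end)."""
    labels, end, hops = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 11xxxxxx: 14-bit pointer
            if end is None:
                end = off + 2                     # the name field ends after the first pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (off if end is None else end)


def decode_dns_query(hexdump):
    """IP -> UDP -> DNS header -> first question. Raises on anything that is not UDP."""
    pkt = hexdump_to_bytes(hexdump)
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17:
        raise ValueError("not a UDP packet")
    sport, dport, ulen = struct.unpack("!HHH", pkt[ihl:ihl + 6])
    dns = pkt[ihl + 8:ihl + ulen]
    txid, flags, qdcount = struct.unpack("!HHH", dns[:6])
    qname, off = read_name(dns, 12)               # question section starts after the 12-byte header
    qtype, qclass = struct.unpack("!HH", dns[off:off + 4])
    return {"sport": sport, "dport": dport, "id": txid,
            "is_response": bool(flags & 0x8000), "qdcount": qdcount,
            "qname": qname, "qtype": qtype, "qclass": qclass}


if __name__ == "__main__":
    print(decode_dns_query(SAMPLE_X))
```

The same reassembly works on any -X dump pasted from a terminal or a ticket, which is often all an analyst has; for live work, tcpdump -vvv already decodes the question, so this matters most when you need the raw bytes (for example to hash a payload or inspect a malformed record).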
Remember, TCPdump provides numerous filtering options to refine your analysis based on specific criteria. Experiment with different filters to gain valuable insights into your network traffic.
That's all for now! #TCPdump #NetworkAnalysis
Retweet the thread if you find it useful. Thanks!