Tcpdump tool (Network traffic tracking)
Tcpdump can be used to capture, save and analyze network packets in real time or from previously saved files. It allows filtering of captured packets based on various criteria, such as source and destination addresses, protocol, ports and more.
The tcpdump tool is widely used by network administrators, developers, security analysts and other network professionals to diagnose, debug, analyze and monitor network traffic.
Running tcpdump without parameters listens on the first active interface and displays information about packets entering or leaving the network device.
The following can be performed on servers that are available for purchase at serverparts.pl and in the servers for ISP category
To track traffic on a specific interface and show only the lines that mention serverparts.pl, type the following command:
tcpdump -i eno1 -v | grep serverparts.pl
Capture packets on interface ppp0 on port 22
tcpdump -i ppp0 port 22
Useful commands:
sudo tcpdump 'udp'
- capture only UDP packets
sudo tcpdump 'tcp port 80'
- HTTP packet capture
tcpdump -i eno1 port 22 or port 554
- capture only packets on the eno1 interface that use port 22 or port 554
tcpdump -i eno1 -c 100 host 192.168.1.200
- capture packets on the eno1 interface for host 192.168.1.200 and stop after 100 packets
Parameter | Description |
---|---|
-i | Listens on a specific interface. |
-n | Does not resolve hostnames. |
-t | It prints a human-readable timestamp in each line of the dump. |
-X | Displays the contents of the packet in both hexadecimal and ASCII formats. |
-v, -vv, -vvv | Enables increasingly detailed output (which, among other things, gives a running total of captured packets). |
-c N | Captures only N packets and then stops. |
-s | Specifies the length (size) of the capture in bytes. Use -s0 to get everything, unless you are intentionally capturing less. |
-S | Displays absolute sequence numbers. |
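
Piping tcpdump into grep, as in the serverparts.pl command above, only filters lines; it does not show which hosts talk to which ports. The script below is an added example, not part of the original page: it tallies `tcpdump -n` text output by source address and destination port. The function names and the sample lines are constructed for illustration, and the parser assumes -n so that addresses and ports stay numeric.

```shell
#!/bin/sh
# Added example: summarize `tcpdump -n` text output per source IP and
# destination port. Live use (assumed interface/host taken from the page):
#   sudo tcpdump -i eno1 -n -l -c 100 host 192.168.1.200 | summarize_flows

# Reads tcpdump -n lines on stdin; prints "count src_ip dst_port", busiest first.
summarize_flows() {
  awk '
    # IPv4 lines look like: TIME IP SRC.SPORT > DST.DPORT: ...
    # IPv6 ("IP6"), ARP and other line types are ignored here.
    $2 == "IP" && $4 == ">" {
      src = $3; dst = $5
      sub(/:$/, "", dst)            # drop the colon that ends the destination
      n = split(src, s, ".")
      m = split(dst, d, ".")
      if (n != 5 || m != 5) next    # no port field, e.g. ICMP
      key = s[1] "." s[2] "." s[3] "." s[4] " " d[5]
      count[key]++
    }
    END { for (k in count) print count[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3n
}

# Constructed sample lines in tcpdump -n format (not a real capture).
sample_capture() {
  cat <<'EOF'
14:02:11.100001 IP 192.168.1.200.51514 > 10.0.0.5.22: Flags [S], seq 1000, win 64240, length 0
14:02:11.100450 IP 10.0.0.5.22 > 192.168.1.200.51514: Flags [S.], seq 2000, ack 1001, win 65160, length 0
14:02:11.100900 IP 192.168.1.200.51514 > 10.0.0.5.22: Flags [.], ack 1, win 502, length 0
14:02:12.300000 IP 192.168.1.200.40022 > 10.0.0.7.554: Flags [S], seq 3000, win 64240, length 0
14:02:12.500000 IP 192.168.1.200 > 10.0.0.9: ICMP echo request, id 1, seq 1, length 64
14:02:13.000000 ARP, Request who-has 10.0.0.5 tell 192.168.1.200, length 28
EOF
}

# Demo on the constructed sample.
sample_capture | summarize_flows
```

An unexpected source address or destination port near the top of this summary is a quick cue to re-run tcpdump with a narrower filter for that host or port.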