What is the tcpdump command?
To capture packets from a specific network interface:

sudo tcpdump -i wlo1

This command captures packets from the wlo1 network interface.

To capture a specific number of packets:

sudo tcpdump -c 4 -i wlo1

This command captures only 4 packets from the wlo1 interface.

To display all available interfaces:

sudo tcpdump -D

This command lists all the interfaces available on the system.

A typical TCP packet captured by tcpdump looks like this:
The first field, Next, IP represents the network layer protocol, in this case IPv4. For IPv6 packets, the value is IP6. The next field, This is followed by the destination IP address and port, represented by Typical values for this field include: This field can also be a combination of these values, such as [S.] Next is the sequence number of the data contained in the packet. For the first packet captured, this is an absolute number. Subsequent packets use a relative number to make it easier to follow. In this example, the sequence is seq , which means this packet contains bytes to of this flow. This is followed by the Ack number: ack 1. In this case, it is 1 since this is the side sending data. For the side receiving data, this field represents the next expected byte of data on this flow. For example, the Ack number for the next packet in this flow would be Finally, we have the packet length, length , which represents the length, in bytes, of the payload data.
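As an added example (not code from the original article), here is a small Python parser for the tcpdump TCP summary line format described above; the sample lines are constructed, and the parser also checks the rule that the payload length equals the difference between the last and first sequence numbers.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample lines in tcpdump's TCP summary format (not captured output from the page).
SAMPLE_LINES = [
    "08:41:13.729687 IP 192.168.64.28.22 > 192.168.64.1.41916: Flags [P.], seq 196:568, ack 1, "
    "win 309, options [nop,nop,TS val 117964079 ecr 816509256], length 372",
    "08:41:13.730238 IP 192.168.64.1.41916 > 192.168.64.28.22: Flags [.], ack 568, win 1027, length 0",
    "08:41:15.001000 IP6 fe80::1.443 > fe80::2.51000: Flags [S.], seq 100, ack 1, win 65535, length 0",
]
HEAD_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<proto>IP6?) "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)
SEQ_RE = re.compile(r"\bseq (?P<first>\d+)(?::(?P<last>\d+))?")
ACK_RE = re.compile(r"\back (?P<ack>\d+)")
LEN_RE = re.compile(r"\blength (?P<length>\d+)$")
FLAG_NAMES = {"S": "SYN", "F": "FIN", "P": "PUSH", "R": "RST", ".": "ACK"}  # as tcpdump prints them

@dataclass
class TcpRecord:
    timestamp: str
    proto: str          # "IP" for IPv4, "IP6" for IPv6
    src: str
    sport: int
    dst: str
    dport: int
    flags: List[str]
    seq_first: Optional[int]   # None when the segment carries no seq field
    seq_last: Optional[int]    # None for a lone "seq N"
    ack: Optional[int]         # next byte the sender expects from the peer
    length: int                # payload bytes

def parse_tcp_line(line: str) -> TcpRecord:
    """Split one tcpdump TCP line into the fields discussed above and sanity-check seq vs length."""
    head, seq, ack, ln = HEAD_RE.match(line), SEQ_RE.search(line), ACK_RE.search(line), LEN_RE.search(line)
    if not head or not ln:
        raise ValueError(f"not a tcpdump TCP summary line: {line!r}")
    first = int(seq.group("first")) if seq else None
    last = int(seq.group("last")) if seq and seq.group("last") else None
    length = int(ln.group("length"))
    if last is not None and last - first != length:
        # The text's rule: payload length is the last minus the first byte of the seq range.
        raise ValueError(f"seq range {first}:{last} disagrees with length {length}")
    return TcpRecord(head["ts"], head["proto"], head["src"], int(head["sport"]),
                     head["dst"], int(head["dport"]),
                     [FLAG_NAMES.get(f, f) for f in head["flags"]],
                     first, last, int(ack["ack"]) if ack else None, length)
```

For a data-carrying segment, seq_last is the byte the peer should acknowledge next, which is why the second sample line carries ack 568.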
The length is the difference between the last and first bytes in the sequence number.

Now let's learn how to filter packets to narrow down the results and make it easier to troubleshoot specific issues. As mentioned above, tcpdump can capture too many packets, some of which are not even related to the issue you're troubleshooting.
For example, if you're troubleshooting a connectivity issue with a web server, you're not interested in the SSH traffic, so removing the SSH packets from the output makes it easier to work on the real issue.
One of tcpdump's most powerful features is its ability to filter the captured packets using a variety of parameters, such as source and destination IP addresses, ports, protocols, etc. Let's look at some of the most common ones.

To filter packets based on protocol, specify the protocol on the command line. For example, capture ICMP packets only by using this command:

Back in the tcpdump capture, notice that tcpdump captures and displays only the ICMP-related packets.
In this case, tcpdump is not displaying the name resolution packets that were generated when resolving the name opensource. In this example, tcpdump captures and displays only packets to and from host

To filter packets based on the desired service or port, use the port filter. For example, capture packets related to a web (HTTP) service by using this command:
You can also filter packets based on the source or destination IP address or hostname. For example, to capture packets from host Notice that tcpdump captured packets with source IP address The response packets are not displayed since their source IP is different.
You can also combine filters by using the logical operators "and" and "or" to create more complex expressions. For example, to filter packets from source IP address You can create more complex expressions by grouping filters with parentheses. In this case, enclose the entire filter expression in quotation marks to prevent the shell from confusing them with shell expressions:

This is a quick way of examining both sides of the same flow.

In the previous examples, we're checking only the packets' headers for information such as source, destination, ports, etc.
Sometimes this is all we need to troubleshoot network connectivity issues. Sometimes, however, we need to inspect the content of the packet to ensure that the message we're sending contains what we need or that we received the expected response.

Comments

Hi, you are teaching how to capture a packet, not how to analyze it. So kindly teach us how to analyze a packet.

For analyzing a packet, I would suggest using something like Wireshark. There is plenty of information out there on how to do packet analysis. Additionally, you would do very well to read the

Hi, thanks for the great article.