Tcpdump is a command-line packet sniffer. A packet sniffer is software that captures the incoming and outgoing traffic on a network. Tcpdump runs on all Unix/Linux operating systems and uses the libpcap library to capture network traffic. Installing tcpdump on Ubuntu is easy: run a single command in the terminal.
apt-get install tcpdump
Tcpdump can also be used to debug the network setup. Tcpdump and Wireshark are often used together: network administrators capture packets with tcpdump and then use Wireshark to view and analyze the captured packets. The “tcpdump -w” parameter writes the output of tcpdump to a file. Here is a list of the most commonly used tcpdump commands.
- “tcpdump -i eth0” is used to capture the traffic on the eth0 interface.
- “tcpdump port test” is used to capture traffic on the specified port (put the port number in place of ‘test’).
- “tcpdump -c n” is used to stop the capture after ‘n’ packets, where ‘n’ is any integer value.
- “tcpdump -i any” is used to see traffic on all interfaces, and therefore on all ports.
- “tcpdump -v” is used to display verbose output.
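The libpcap file format that “tcpdump -w” writes and Wireshark opens, as an added example (Python, not part of the original post): it builds a small capture from constructed Ethernet/IPv4/UDP frames, parses the records back the way a reader must, rejects a truncated record, and applies the same selection as the “port” filter. All addresses, ports and frames are constructed sample data.

```python
import struct

PCAP_MAGIC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1  # little-endian libpcap magic, Ethernet link type

def pcap_global_header(snaplen=65535):
    # 24-byte file header: magic, version 2.4, thiszone, sigfigs, snaplen, link type
    return struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)

def pcap_record(ts_sec, ts_usec, frame):
    # 16-byte record header (ts_sec, ts_usec, captured len, original len) followed by the frame
    return struct.pack("<IIII", ts_sec, ts_usec, len(frame), len(frame)) + frame

def udp_frame(src_ip, dst_ip, sport, dport, payload):
    # Minimal Ethernet/IPv4/UDP frame with zero MACs and zero checksums (for parsing only)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split(".")))) + udp
    return bytes(12) + struct.pack("!H", 0x0800) + ip

def parse_pcap(data):
    # Return one dict per record holding the fields a tcpdump line shows for IPv4 TCP/UDP
    magic, _, _, _, _, _, linktype = struct.unpack_from("<IHHiIII", data, 0)
    if magic != PCAP_MAGIC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("unsupported pcap magic or link type")
    off, records = 24, []
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, _origlen = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) != caplen:   # file cut short mid-record (e.g. capture killed while writing)
            raise ValueError("truncated record at offset %d" % off)
        off += 16 + caplen
        rec = {"ts": ts_sec + ts_usec / 1e6, "caplen": caplen, "proto": None}
        if struct.unpack_from("!H", frame, 12)[0] == 0x0800:   # EtherType IPv4
            ihl, proto = (frame[14] & 0x0F) * 4, frame[23]
            rec["src"], rec["dst"] = (".".join(map(str, frame[i:i + 4])) for i in (26, 30))
            rec["proto"] = {6: "tcp", 17: "udp"}.get(proto, str(proto))
            if proto in (6, 17):   # ports sit at the same offset in TCP and UDP headers
                rec["sport"], rec["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
        records.append(rec)
    return records

def match_port(records, port):
    # Same selection as the capture filter "port N": either endpoint uses the port
    return [r for r in records if port in (r.get("sport"), r.get("dport"))]

# Constructed sample capture: a DNS query/response pair and one NTP packet
FRAMES = [udp_frame("10.0.0.2", "10.0.0.1", 40000, 53, bytes(12)),
          udp_frame("10.0.0.1", "10.0.0.2", 53, 40000, bytes(32)),
          udp_frame("10.0.0.2", "10.0.0.3", 40001, 123, bytes(48))]
SAMPLE_PCAP = pcap_global_header() + b"".join(pcap_record(1700000000 + i, 0, f) for i, f in enumerate(FRAMES))
```

Writing SAMPLE_PCAP to a file yields a capture that Wireshark and “tcpdump -r” open directly.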
You can explore tcpdump further with the “man tcpdump” command in your Ubuntu terminal. Enjoy!