TCPdump Examples


Capture only ICMP packets

tcpdump -ni eth0 icmp

Ignore specific port

tcpdump -ni eth0 not port 22
tcpdump -ni eth0 tcp and not port 22

Multiple match criteria

Combine match criteria with the logical operators and, or and not

tcpdump -ni enp1s9 dst 192.168.6.1 and port 443
tcpdump -ni enp1s9 src 192.168.6.2 and dst port 80
tcpdump -ni enp1s9 dst 192.168.6.1 and src 192.168.6.2 and src port 80

Multiple match criteria with and/or logic

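Use parentheses () to group matches together. Escape them with backslashes (or quote the whole expression) so the shell does not interpret them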

tcpdump -ni eth0 \(tcp or udp\) and \(port 80 or 443 or 53\)

Write captured packets to a file

tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap
tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap tcp and not port 22
tcpdump -ni eth0 -s 1500 -w /tmp/capture.pcap \(tcp or udp\) and \(port 80 or 443 or 53\)
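
The grouped filter and capture-to-file commands above, as an added example (not part of the original page): a POSIX sh helper that builds the grouped expression from validated protocol and port lists and hands it to tcpdump as one quoted argument, so the parentheses need no backslashes. The function names join_or, build_filter and capture are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original page. All function names are hypothetical.

# join_or PREFIX ITEM...  ->  "(PREFIX item or PREFIX item ...)"
join_or() {
    prefix=$1; shift; out=
    for item in "$@"; do
        out="${out:+$out or }${prefix:+$prefix }$item"
    done
    [ -n "$out" ] || return 1          # refuse to emit an empty group "()"
    printf '(%s)' "$out"
}

# build_filter "PROTOS" "PORTS"  ->  "(tcp or udp) and (port 80 or port 443)"
# The body runs in a subshell, so set -f and the variables stay local.
build_filter() (
    set -f                             # no glob expansion while word-splitting
    for p in $1; do
        case $p in
            tcp|udp) ;;
            *) echo "bad protocol: $p" >&2; exit 1 ;;
        esac
    done
    for n in $2; do
        # Digits only, no leading zero (pcap would read it as octal), 1-65535.
        case $n in
            0*|*[!0-9]*) echo "bad port: $n" >&2; exit 1 ;;
        esac
        [ "$n" -ge 1 ] && [ "$n" -le 65535 ] || { echo "bad port: $n" >&2; exit 1; }
    done
    protos=$(join_or '' $1) && ports=$(join_or port $2) || exit 1
    printf '%s and %s' "$protos" "$ports"
)

# capture IFACE FILE "PROTOS" "PORTS"
# e.g. capture eth0 /tmp/capture.pcap 'tcp udp' '80 443 53'
capture() {
    filter=$(build_filter "$3" "$4") || return 1
    # One quoted argument: the shell never parses the parentheses.
    tcpdump -ni "$1" -s 1500 -w "$2" "$filter"
}
```

Because every token is checked against an allow-list before it reaches the expression, a port list such as "80 or host 10.0.0.1" is rejected instead of silently widening the capture.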