See the list of interfaces on which tcpdump can listen:<\/p>\n
tcpdump -D<\/pre>\nListen on interface eth0:<\/p>\n
tcpdump -i eth0<\/pre>\nListen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater):<\/p>\n
tcpdump -i any<\/pre>\nBe verbose while capturing packets:<\/p>\n
tcpdump -v<\/pre>\nBe more verbose while capturing packets:<\/p>\n
tcpdump -vv<\/pre>\nBe very verbose while capturing packets:<\/p>\n
tcpdump -vvv<\/pre>\nBe verbose and print the data of each packet in both hex and ASCII, excluding the link level header:<\/p>\n
tcpdump -v -X<\/pre>\nBe verbose and print the data of each packet in both hex and ASCII, also including the link level header:<\/p>\n
tcpdump -v -XX<\/pre>\nBe less verbose (than the default) while capturing packets:<\/p>\n
tcpdump -q<\/pre>\nLimit the capture to 100 packets:<\/p>\n
tcpdump -c 100<\/pre>\nRecord the packet capture to a file called capture.cap:<\/p>\n
tcpdump -w capture.cap<\/pre>\nRecord the packet capture to a file called capture.cap but display on-screen how many packets have been captured in real-time:<\/p>\n
tcpdump -v -w capture.cap<\/pre>\nDisplay the packets of a file called capture.cap:<\/p>\n
tcpdump -r capture.cap<\/pre>\nDisplay the packets using maximum detail of a file called capture.cap:<\/p>\n
tcpdump -vvv -r capture.cap<\/pre>\nDisplay IP addresses and port numbers instead of domain and service names when capturing packets (note: on some systems you need to specify -nn to display port numbers):<\/p>\n
tcpdump -n<\/pre>\nCapture any packets where the destination host is 192.168.1.1. Display IP addresses and port numbers:<\/p>\n
tcpdump -n dst host 192.168.1.1<\/pre>\nCapture any packets where the source host is 192.168.1.1. Display IP addresses and port numbers:<\/p>\n
tcpdump -n src host 192.168.1.1<\/pre>\nCapture any packets where the source or destination host is 192.168.1.1. Display IP addresses and port numbers:<\/p>\n
tcpdump -n host 192.168.1.1<\/pre>\nCapture any packets where the destination network is 192.168.1.0\/24. Display IP addresses and port numbers:<\/p>\n
tcpdump -n dst net 192.168.1.0\/24<\/pre>\nCapture any packets where the source network is 192.168.1.0\/24. Display IP addresses and port numbers:<\/p>\n
tcpdump -n src net 192.168.1.0\/24<\/pre>\nCapture any packets where the source or destination network is 192.168.1.0\/24. Display IP addresses and port numbers:<\/p>\n
tcpdump -n net 192.168.1.0\/24<\/pre>\nCapture any packets where the destination port is 23. Display IP addresses and port numbers:<\/p>\n
tcpdump -n dst port 23<\/pre>\nCapture any packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:<\/p>\n
tcpdump -n dst portrange 1-1023<\/pre>\nCapture only TCP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:<\/p>\n
tcpdump -n tcp dst portrange 1-1023<\/pre>\nCapture only UDP packets where the destination port is is between 1 and 1023 inclusive. Display IP addresses and port numbers:<\/p>\n
tcpdump -n udp dst portrange 1-1023<\/pre>\nCapture any packets with destination IP 192.168.1.1 and destination port 23. Display IP addresses and port numbers:<\/p>\n
tcpdump -n \"dst host 192.168.1.1 and dst port 23\"<\/pre>\nCapture any packets with destination IP 192.168.1.1 and destination port 80 or 443. Display IP addresses and port numbers:<\/p>\n
tcpdump -n \"dst host 192.168.1.1 and (dst port 80 or dst port 443)\"<\/pre>\nCapture any ICMP packets:<\/p>\n
tcpdump -v icmp<\/pre>\nCapture any ARP packets:<\/p>\n
tcpdump -v arp<\/pre>\nCapture either ICMP or ARP packets:<\/p>\n
tcpdump -v \"icmp or arp\"<\/pre>\nCapture any packets that are broadcast or multicast:<\/p>\n
tcpdump -n \"broadcast or multicast\"<\/pre>\nCapture 500 bytes of data for each packet rather than the default of 68 bytes:<\/p>\n
tcpdump -s 500<\/pre>\nCapture all bytes of data within the packet:<\/p>\n
tcpdump -s 0<\/pre>\n","protected":false},"excerpt":{"rendered":"See the list of interfaces on which tcpdump can listen: tcpdump -D Listen on interface eth0: tcpdump -i eth0 Listen on any available interface (cannot be done in promiscuous mode. Requires Linux kernel 2.2 or greater): tcpdump -i any Be verbose while capturing packets: tcpdump -v Be more verbose while capturing packets: tcpdump -vv Be […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3,6,13],"tags":[],"class_list":["post-747","post","type-post","status-publish","format-standard","hentry","category-freebsd","category-linux","category-novosti"],"_links":{"self":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/747","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=747"}],"version-history":[{"count":1,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/747\/revisions"}],"predecessor-version":[{"id":748,"href":"https:\/\/dety.net.ua\/index.php?rest_route=\/wp\/v2\/posts\/747\/revisions\/748"}],"wp:attachment":[{"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=747"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=747"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dety.net.ua\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=747"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}