tcpdump command snippets
Copy-paste-ready tcpdump commands for capturing, filtering, and saving network traffic.
- Capture All Traffic on an Interface with tcpdump
- Capture Traffic Without DNS Resolution with tcpdump
- Capture HTTPS Traffic with tcpdump
- Capture DNS Queries with tcpdump
- Save a Capture to a File with tcpdump
- Read a Saved Capture File with tcpdump
- Show Packet Contents in ASCII with tcpdump
- Capture Only SYN Packets (New Connections) with tcpdump
- Capture Traffic Excluding SSH with tcpdump
Capture All Traffic on an Interface with tcpdump
tcpdump captures every packet on the specified interface:
sudo tcpdump -i eth0
Capture Traffic Without DNS Resolution with tcpdump
With -nn, tcpdump skips hostname and port-name lookups for faster output:
sudo tcpdump -nn -i eth0
Capture HTTPS Traffic with tcpdump
tcpdump filters TCP packets on port 443:
sudo tcpdump -i eth0 tcp port 443
Capture DNS Queries with tcpdump
tcpdump filters UDP packets on port 53 (DNS carried over TCP, such as large responses and zone transfers, is not matched):
sudo tcpdump -i eth0 udp port 53
Save a Capture to a File with tcpdump
tcpdump writes packets to a pcap file and stops after 1000 packets:
sudo tcpdump -i eth0 -w /tmp/capture.pcap -c 1000
Read a Saved Capture File with tcpdump
tcpdump reads and displays a previously saved pcap file:
tcpdump -r /tmp/capture.pcap
Show Packet Contents in ASCII with tcpdump
tcpdump displays the ASCII payload (useful for HTTP traffic):
sudo tcpdump -i eth0 -A port 80 -c 50
Capture Only SYN Packets (New Connections) with tcpdump
tcpdump filters for packets with the TCP SYN flag set to show new connections (this matches the SYN-ACK reply as well as the initial SYN):
sudo tcpdump -i eth0 'tcp[tcpflags] & tcp-syn != 0'
Capture Traffic Excluding SSH with tcpdump
tcpdump excludes SSH traffic to avoid capturing the admin session:
sudo tcpdump -i eth0 not port 22
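What the SYN filter above evaluates per packet, as an added Python example that is not part of the original page: it builds a constructed four-packet pcap in memory, reads the flags byte that `tcp[tcpflags]` refers to, and counts matches for the page's test and for a stricter initial-SYN-only test. Function names, addresses and ports are assumptions made for the example.

```python
import struct

TCP_SYN, TCP_ACK = 0x02, 0x10   # the bits tcpdump names tcp-syn and tcp-ack

def frame(flags, sport, dport):
    """Constructed Ethernet + IPv4 + TCP frame, no payload, checksums left zero."""
    eth = bytes(12) + b"\x08\x00"                        # MACs zeroed, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return eth + ip + tcp

def pcap(frames):
    """Classic little-endian pcap: 24-byte global header, 16-byte header per record."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", i, 0, len(f), len(f)) + f
    return out

def tcp_flags(data):
    """Yield the TCP flags byte (tcp[tcpflags], offset 13) of each IPv4/TCP record."""
    if struct.unpack_from("<I", data, 0)[0] != 0xA1B2C3D4:
        raise ValueError("not a little-endian classic pcap")
    pos = 24
    while pos + 16 <= len(data):
        incl_len = struct.unpack_from("<I", data, pos + 8)[0]
        pkt = data[pos + 16 : pos + 16 + incl_len]
        pos += 16 + incl_len
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                                     # not IPv4 carrying TCP
        ihl = (pkt[14] & 0x0F) * 4                       # IP header length in bytes
        if len(pkt) >= 14 + ihl + 14:
            yield pkt[14 + ihl + 13]

def count_matches(data):
    """Return (packets with SYN set, packets with SYN set and ACK clear)."""
    flags = list(tcp_flags(data))
    any_syn = sum(1 for f in flags if (f & TCP_SYN) != 0)                     # the page's test
    syn_only = sum(1 for f in flags if (f & (TCP_SYN | TCP_ACK)) == TCP_SYN)  # initial SYN only
    return any_syn, syn_only

# Constructed sample: SYN, SYN-ACK, ACK, FIN-ACK between a client port and 443
SAMPLE = pcap([frame(0x02, 40000, 443), frame(0x12, 443, 40000),
               frame(0x10, 40000, 443), frame(0x11, 40000, 443)])

if __name__ == "__main__":
    print(count_matches(SAMPLE))
```

The tcpdump expression for the stricter test is `'tcp[tcpflags] & (tcp-syn|tcp-ack) == tcp-syn'`, which counts one connection attempt per handshake instead of two packets.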