Tcpdump is a powerful command-line packet analyzer. It allows us to display TCP/IP and other packets being transmitted or received over a network. We collect 30 tcpdump filters to help you learn tcpdump quickly.
30 tcpdump examples to filter packets
How to filter MAC addresses using tcpdump?
Use the host option on the tcpdump command to limit output to a specific MAC address: tcpdump ether host aa:bb:cc:11:22:33
How to filter tcpdump on a specific port ?
Use the port option on the tcpdump command to specify a port: tcpdump ether port 80
How to read tcpdump output?
There is a read option on tcpdump, which is represented by the switch -r as in: tcpdump -r file_path_and_name
How to capture packets with tcp flag filter?
FIN, ACK = 17 (1 + 16)
SYN, ACK = 18 (2 + 16)
PSH, ACK = 24 (8 + 16)
FIN, PSH = 9 (1 + 8)
FIN, PSH, ACK = 25 (1 + 8 + 16)
Related post:
10 Useful Linux tcpdump command examples
20 Advanced Tcpdump Examples On Linux
