howtouselinux

Learn tcpdump Filter Quick Guide

Table of Contents

Tcpdump is a powerful command-line packet analyzer. It allows us to display TCP/IP and other packets being transmitted or received over a network. We collect 30 tcpdump filters to help you learn tcpdump quickly.

30 tcpdump examples to filter packets

How to filter MAC addresses using tcpdump?

Use the host option on the tcpdump command to limit output to a specific MAC address: tcpdump ether host aa:bb:cc:11:22:33

How to filter tcpdump on a specific port ?

Use the port option on the tcpdump command to specify a port: tcpdump ether port 80

How to read tcpdump output?

There is a read option on tcpdump, which is represented by the switch -r as in: tcpdump -r file_path_and_name

How to capture packets with tcp flag filter?

FIN, ACK = 17 (1 + 16)

SYN, ACK = 18 (2 + 16)

PSH, ACK = 24 (8 + 16)

FIN, PSH = 9 (1 + 8)

FIN, PSH, ACK = 25 (1 + 8 + 16)

Related post:

David Cao
David is a Cloud & DevOps Enthusiast. He has years of experience as a Linux engineer. He had working experience in AMD, EMC. He likes Linux, Python, bash, and more. He is a technical blogger and a Software Engineer. He enjoys sharing his learning and contributing to open-source.

Welcome to howtouselinux.com!

Our website is dedicated to providing comprehensive information on using Linux.

We hope you find our site helpful and informative, and we welcome your feedback and suggestions for future content.

Learn More

Facebook
Twitter
LinkedIn