Tcpdump is a CLI tool to capture raw network packets. This is useful for various forms of network troubleshooting. This cheat sheet covers all the basic and advanced options for tcpdump.
Purpose of Tcpdump
This tool is mainly used for troubleshooting network problems. For example, if we have a DNS query issue, we can use this command to capture all the DNS packets and check what happened.
We can use this tool for the following purposes.
Troubleshoot network problems
Examine security problems
Debug protocol implementations
Learn network protocols
How to Run tcpdump?
We can run tcpdump on a local server or on a remote server over an SSH session. It accepts many filters and allows us to display data about packets going in and out of an interface. Its filter syntax is also very powerful.
When we run the tcpdump command without any options, it captures packets of all the interfaces. We can stop or cancel the tcpdump command by pressing Ctrl+C.
Basic Packet Capturing Options In Tcpdump
The tcpdump command can be used to filter many different kinds of packets.
For more tcpdump command examples, please check here.
Advanced Logical Operators in Tcpdump
We can get more advanced tcpdump command examples from here.
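As an added example (not part of this cheat sheet), the script below composes the DNS-troubleshooting capture described above using the logical operators and, or and not, and checks that the filter compiles before running it live. The interface name eth0 and the resolver and host addresses are constructed placeholders.

```shell
#!/bin/sh
# Added example: build a DNS capture filter with and/or/not, compose the
# tcpdump command, and dry-run the filter with -d. Addresses are placeholders.

# Build a BPF filter: DNS traffic (port 53) involving one of the listed
# resolvers, optionally excluding packets from one noisy source host.
build_dns_filter() {
    # $1: space-separated resolver IPs, $2: optional source host to exclude
    hosts=""
    for r in $1; do
        if [ -z "$hosts" ]; then hosts="host $r"; else hosts="$hosts or host $r"; fi
    done
    filter="port 53 and ($hosts)"
    if [ -n "$2" ]; then filter="$filter and not src host $2"; fi
    printf '%s' "$filter"
}

# Full live command: -nn disables name and port resolution, so tcpdump does
# not itself send DNS queries while you investigate DNS; -c bounds the capture.
build_capture_cmd() {
    # $1: interface, $2: filter expression, $3: maximum packet count
    printf "tcpdump -nn -i %s -c %s '%s'" "$1" "$3" "$2"
}

# Dry run: -d compiles the filter and prints the BPF program instead of
# capturing. Reading from a header-only pcap file means no root and no live
# interface are needed. Returns 0 if the filter compiles, 1 if it does not,
# 2 if tcpdump is not installed.
check_filter() {
    command -v tcpdump >/dev/null 2>&1 || return 2
    tmp=$(mktemp) || return 2
    # pcap global header: little-endian magic, version 2.4, zone 0, sigfigs 0,
    # snaplen 65535, link type 1 (Ethernet); no packet records follow.
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000\377\377\000\000\001\000\000\000' > "$tmp"
    tcpdump -r "$tmp" -d "$1" >/dev/null 2>&1
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Usage: two resolvers, excluding a chatty monitoring host (placeholder values)
f=$(build_dns_filter "10.0.0.53 10.0.0.54" 192.0.2.10)
echo "filter:  $f"
echo "command: $(build_capture_cmd eth0 "$f" 100)"
if check_filter "$f"; then echo "filter compiles"; else echo "filter check failed (status $?)"; fi
```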