
Tcpdump: Filter Packets with Port

Updated: 7 days ago

Tcpdump is a command-line tool for capturing raw network packets. It is very useful for various forms of network troubleshooting. In this post we will learn how to filter packets by port with the tcpdump command.



TCP and UDP Ports

TCP and UDP can both multiplex using port numbers to work with multiple applications. For example, DHCP uses UDP ports 67 and 68, RIP uses UDP port 520, and HTTP uses TCP port 80.


Both TCP and UDP use the connection as their fundamental abstraction. A connection is identified by a pair of endpoints.


We will take the following two connections as examples.

(128.2.254.139, 1184) <=> (128.10.2.3, 53) tcp

(128.2.254.139, 2012) <=> (128.10.2.4, 22) udp




Filter Packets with Specific Port

If we need to filter packets for the first connection, we can use either of the following commands.

tcpdump -i interface port 1184
tcpdump -i interface port 53

Filter Packets with Port Direction

To be more specific, we can add the port direction like this (dst = destination, src = source).

tcpdump -i interface dst port 53
tcpdump -i interface src port 1184
tcpdump -i interface src port 1184 and dst port 53



Filter Packets with Host and Port

If we need to filter packets for both connections, we can use the following commands.

tcpdump -i interface dst host 128.10.2.3 or dst host 128.10.2.4
tcpdump -i interface dst port 53 or dst port 22
tcpdump -i interface dst port 53 and dst host 128.10.2.3

Filter Packets with TCP UDP Port

If we need to filter the packets for the first TCP connection, we can use this command.

tcpdump -i interface dst port 53 and tcp

For the second UDP connection, we can use this.

tcpdump -i interface dst port 22 and udp
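
To see which packets each filter on this page actually selects, the following added example (not part of the original post) evaluates the page's filter expressions in Python against constructed packets for both directions of the two example connections. It is a simplified model of the port, host, tcp and udp primitives, not tcpdump's own filter compiler; the packet labels and function names are assumptions made for the illustration.

```python
# Constructed packets (proto, src_ip, src_port, dst_ip, dst_port), both directions.
PACKETS = {
    "tcp request": ("tcp", "128.2.254.139", 1184, "128.10.2.3", 53),
    "tcp reply": ("tcp", "128.10.2.3", 53, "128.2.254.139", 1184),
    "udp request": ("udp", "128.2.254.139", 2012, "128.10.2.4", 22),
    "udp reply": ("udp", "128.10.2.4", 22, "128.2.254.139", 2012),
}

def primitive(tokens, pkt):
    """Consume one primitive from the token list and test it against pkt."""
    proto, sip, sport, dip, dport = pkt
    tok = tokens.pop(0)
    if tok in ("tcp", "udp"):
        return proto == tok
    direction = None
    if tok in ("src", "dst"):
        direction, tok = tok, tokens.pop(0)
    value = tokens.pop(0)
    if tok == "port":
        src, dst, value = sport, dport, int(value)
    elif tok == "host":
        src, dst = sip, dip
    else:
        raise ValueError(f"unsupported primitive: {tok}")
    if direction == "src":
        return src == value
    if direction == "dst":
        return dst == value
    return value in (src, dst)  # no src/dst qualifier: either side matches

def matches(expr, pkt):
    """Evaluate expr; 'and'/'or' have equal precedence, left to right, as in pcap-filter."""
    tokens = expr.split()
    result = primitive(tokens, pkt)
    while tokens:
        op = tokens.pop(0)
        if op not in ("and", "or"):
            raise ValueError(f"unsupported operator: {op}")
        rhs = primitive(tokens, pkt)
        result = (result and rhs) if op == "and" else (result or rhs)
    return result

def captured(expr):
    """Return the labels of the sample packets that expr would select."""
    return [name for name, pkt in PACKETS.items() if matches(expr, pkt)]

if __name__ == "__main__":
    for expr in ("port 53", "dst port 53", "dst port 53 or dst port 22"):
        print(f"{expr!r:30} -> {captured(expr)}")
```

A directional filter such as dst port 53 selects only one half of a conversation; the unqualified port 53 is the form that also keeps the replies.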

