{"id":8005,"date":"2021-07-10T12:17:27","date_gmt":"2021-07-10T12:17:27","guid":{"rendered":"https:\/\/linuxways.net\/?p=8005"},"modified":"2021-07-10T12:17:27","modified_gmt":"2021-07-10T12:17:27","slug":"how-to-use-tcpdump-command-in-ubuntu-20-04","status":"publish","type":"post","link":"https:\/\/linuxways.net\/de\/ubuntu\/how-to-use-tcpdump-command-in-ubuntu-20-04\/","title":{"rendered":"How to Use tcpdump Command in Ubuntu 20.04"},"content":{"rendered":"

Introduction<\/h2>\n

tcpdump is a very useful command to inspect and capture network packets that go into and from your machine. It\u2019s one of the most common networking utilities to troubleshoot network problems and security issues.<\/p>\n

Although its name is tcpdump but it can be used to inspect non-TCP traffic included UDP, ARP, or ICMP.<\/p>\n

This tutorial will show you the way to use the tcpdump command in a Linux system.<\/p>\n

Install tcpdump<\/h2>\n

By default, tcpdump is installed on most Linux distributions. To verify whether the tcpdump is installed or not, run the following command:<\/p>\n

$ tcpdump --version<\/pre>\n
Output:<\/p>\n
<\/p>\n
If it has not been installed yet, let\u2019s run:<\/p>\n
$ sudo apt update<\/pre>\n
$ sudo apt install tcpdump<\/pre>\n
Capture packets on network interfaces<\/h2>\n
When you run tcpdump without any options, it will capture all the packets on all of the network interfaces on your computer.<\/p>\n
$ sudo tcpdump<\/pre>\n
<\/p>\n
You have to press Ctrl + C to stop.<\/p>\n
To list all of the network interfaces that their packets can be inspected by the tcpdump command, run:<\/p>\n
$ sudo tcpdump -D<\/pre>\n
The output:<\/p>\n
<\/p>\n
If you want to capture packets on a specific network interface and limits packet to 6, run the following command:<\/p>\n
$ sudo tcpdump -i eth0 -c 6<\/pre>\n
The output:<\/p>\n
<\/p>\n
Capture network packets on a specific host<\/h2>\n
To capture the packets from a specific host. You can simply run the following command:<\/p>\n
$ sudo tcpdump -n host 172.19.11.101 -c 5<\/pre>\n
<\/p>\n
Capture network packets on a specific port<\/h2>\n
If you want to filter only network packets on a specific port, let\u2019s run the tcpdump command with the -n port option.<\/p>\n
$ sudo tcpdump -n port 22<\/pre>\n
<\/p>\n
Capture network packets from source and destination<\/h2>\n
If you want to filter only network packets that come from a specific source, let\u2019s run the tcpdump command with the src option.<\/p>\n
$ sudo tcpdump src 172.19.11.210<\/pre>\n
For the purpose of capturing only network packets to a specific destination, run the tcpdump command with the dst option.<\/p>\n
$ sudo tcpdump dst 172.19.11.210<\/pre>\n
Capture network packets with many combined filters<\/h2>\n
In order to combine many filters when running the tcpdump command, you can use these operators: and (&&), or (||), not (!). For example, the following command will capture all packets that come from the source 172.19.11.210 via port 22.<\/p>\n
$ sudo tcpdump src 172.19.11.210 && -n port 22 -c 5<\/pre>\n
Filter network by a protocol<\/h2>\n
To capture the network packets of a particular protocol, let\u2019s specify the protocol name as a command option. For example:<\/p>\n
$ sudo tcpdump -n udp<\/pre>\n
Conclusion<\/h2>\n
You\u2019ve already go through the details of how to use the tcpdump command for troubleshooting and analyzing the network on your Linux system.<\/p>\n
If you have any concerns, please let me know. Thank you for reading.<\/p>","protected":false},"excerpt":{"rendered":"
Introduction tcpdump is a very useful command to inspect and capture network packets that go into and from your machine. It\u2019s one of the most common networking utilities…<\/p>","protected":false},"author":1,"featured_media":8247,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[402,100],"class_list":["post-8005","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-ubuntu","tag-tcpdump","tag-ubuntu-20-04"],"_links":{"self":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/8005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/comments?post=8005"}],"version-history":[{"count":0,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/posts\/8005\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media\/8247"}],"wp:attachment":[{"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/media?parent=8005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/categories?post=8005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/linuxways.net\/de\/wp-json\/wp\/v2\/tags?post=8005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}