tcpdump
A cheat sheet for tcpdump.
Getting started
Help
-i - interface: capture on the named network interface
-v - verbose: print more detail for each packet (-vv and -vvv add more still)
-n - do not resolve addresses and ports to names (avoids DNS lookups while capturing)
tcpdump --help
man tcpdump (options) and man pcap-filter (filter expression syntax)
Capturing data from hosts
wlp2s0 is the network interface used in these examples; list yours with tcpdump -D (or ip link). Capturing needs root or CAP_NET_RAW, so prefix the commands with sudo if needed.
tcpdump -i wlp2s0 - capture from a specific interface (e.g. wlp2s0)
tcpdump -i wlp2s0 -v host google.com
host matches packets in which the address is either the source or the destination. A hostname is resolved once, when the filter is compiled, so the filter matches the addresses the name resolved to at that moment (all of them, if it has several).
Playing around with filters:
Capture packets sent from a given host (its address is the source)
src -> source address
tcpdump -i wlp2s0 -v src 192.168.1.1
Capture packets sent to a given host (its address is the destination)
dst -> destination address
tcpdump -i wlp2s0 -v dst 192.168.1.1
Capture packets to or from any host in a subnet
net -> subnet / entire network (matches if either the source or the destination address lies inside it)
tcpdump -i wlp2s0 -v net 192.160.1.0/24
Protocol specific data capture:
and, or -> combine filters; not negates one (e.g. tcp and not port 22 to leave your own SSH session out)
tcpdump -i wlp2s0 -v tcp and net 192.160.1.0/24
Port specific data capture (port matches either the source or the destination port):
tcpdump -i wlp2s0 -v port 80
Capture packets with source port 443 that are addressed to 192.168.1.73 (dst on its own means dst host):
tcpdump -i wlp2s0 -v src port 443 and dst 192.168.1.73
Quoting the capture filter: wrap the expression in single quotes so the shell hands it to tcpdump untouched (required once it contains parentheses, ! or other shell metacharacters, harmless otherwise):
tcpdump -i wlp2s0 -v 'src port 443 and dst 192.168.1.73'
Capture traffic and save it to a file (-w writes the raw packets, so nothing is printed; read the file back later with tcpdump -n -r /home/ribik/Desktop/traffic.pcap, optionally followed by another filter expression):
tcpdump -w /home/ribik/Desktop/traffic.pcap -i wlp2s0 'tcp and net 192.168.1.0/24'
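The following is an added example written for this cheat sheet; it is not code from the page or from the tcpdump project. It shows what the src, dst, net, port, and/or primitives above actually match by building a small constructed pcap (the libpcap format that tcpdump -w writes), parsing the Ethernet/IPv4/TCP headers of each record, and evaluating those primitives in Python, so the semantics can be checked offline without root or a live interface. The addresses, ports and timestamps are made up; 203.0.113.10 is a documentation (TEST-NET-3) address. Only IPv4 over Ethernet is parsed, and pcapng files are rejected.

```python
"""tcpdump-style filters evaluated against a saved .pcap (added example).

Filter meanings mirror the BPF keywords on the tcpdump command line:
  src host A -> A is the SOURCE address (packets sent FROM A)
  dst host A -> A is the DESTINATION address (packets sent TO A)
  net N      -> either address lies inside subnet N
  port P     -> either the source or the destination port is P
"""
import ipaddress
import struct

PCAP_MAGIC = 0xA1B2C3D4      # classic libpcap magic (pcapng uses a different header)
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_ipv4_tcp_frame(src, dst, sport, dport):
    """Build a minimal Ethernet/IPv4/TCP SYN frame (constructed sample data)."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)          # MACs zeroed
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return eth + ip + tcp


def build_pcap(frames, little_endian=True):
    """Serialize frames as a pcap file: 24-byte global header + 16-byte record headers."""
    e = "<" if little_endian else ">"
    out = struct.pack(e + "IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack(e + "IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def parse_frame(frame):
    """Return {src, dst, proto, sport, dport} for an IPv4 frame, else None."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None                                # ARP, IPv6 etc. are skipped here
    ihl = (frame[14] & 0x0F) * 4                   # IPv4 header length incl. options
    proto = frame[23]
    sport = dport = None
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(frame) >= 14 + ihl + 4:
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
    return {"src": str(ipaddress.IPv4Address(frame[26:30])),
            "dst": str(ipaddress.IPv4Address(frame[30:34])),
            "proto": proto, "sport": sport, "dport": dport}


def read_pcap(data):
    """Yield parsed packets from pcap bytes; the magic number fixes the byte order."""
    if struct.unpack_from(">I", data, 0)[0] == PCAP_MAGIC:
        e = ">"
    elif struct.unpack_from("<I", data, 0)[0] == PCAP_MAGIC:
        e = "<"
    else:
        raise ValueError("not a classic pcap file (pcapng / nanosecond pcap not handled)")
    if struct.unpack_from(e + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(e + "IIII", data, off)
        off += 16
        pkt = parse_frame(data[off:off + incl_len])
        off += incl_len
        if pkt:
            yield pkt


# Filter primitives named after the tcpdump keywords; each returns a predicate.
def src_host(a): return lambda p: p["src"] == a
def dst_host(a): return lambda p: p["dst"] == a
def host(a): return lambda p: a in (p["src"], p["dst"])
def src_port(n): return lambda p: p["sport"] == n
def dst_port(n): return lambda p: p["dport"] == n
def port(n): return lambda p: n in (p["sport"], p["dport"])
def tcp(): return lambda p: p["proto"] == IPPROTO_TCP
def net(cidr):
    network = ipaddress.ip_network(cidr, strict=False)
    return lambda p: any(ipaddress.ip_address(x) in network for x in (p["src"], p["dst"]))
def and_(*fs): return lambda p: all(f(p) for f in fs)
def or_(*fs): return lambda p: any(f(p) for f in fs)


def apply_filter(pcap_bytes, predicate):
    """Return the packets in the capture that satisfy the predicate."""
    return [p for p in read_pcap(pcap_bytes) if predicate(p)]


def summarize(p):
    """Format one packet the way tcpdump -n prints the address pair."""
    return f"IP {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}"


# Constructed traffic (not a real capture): a TLS exchange on the LAN, one outbound
# web request to a TEST-NET-3 address, and one flow on an unrelated subnet.
SAMPLE_PCAP = build_pcap([
    build_ipv4_tcp_frame("192.168.1.1", "192.168.1.73", 443, 51000),
    build_ipv4_tcp_frame("192.168.1.73", "192.168.1.1", 51000, 443),
    build_ipv4_tcp_frame("192.168.1.73", "203.0.113.10", 51001, 80),
    build_ipv4_tcp_frame("10.0.0.5", "10.0.0.9", 22, 40000),
])

if __name__ == "__main__":
    for label, f in [("src 192.168.1.1", src_host("192.168.1.1")),
                     ("dst 192.168.1.1", dst_host("192.168.1.1")),
                     ("net 192.168.1.0/24", net("192.168.1.0/24")),
                     ("src port 443 and dst 192.168.1.73",
                      and_(src_port(443), dst_host("192.168.1.73")))]:
        print(label)
        for p in apply_filter(SAMPLE_PCAP, f):
            print("   ", summarize(p))
```

Running the script shows that src 192.168.1.1 selects only the frame the router sent, dst 192.168.1.1 only the frame sent to it, and net 192.168.1.0/24 every frame with at least one address on the LAN, including the outbound request to 203.0.113.10. To use it on a real file, replace SAMPLE_PCAP with open("traffic.pcap", "rb").read(); tcpdump -r gives the authoritative answer, this is only a readable model of the same rules.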