Top 10 TCPdump commands

It’s always tough to do these Top 10 posts. I mean, depending on your job, where you access the network, what it is you are trying to do, you may have some favorite tcpdump commands that I don’t show here.

That said, let’s take a look at some great TCPdump commands. By the way, you can grab our free tcpdump cheat sheet right here. If you are looking for a comprehensive version – you will find that in our Patreon community here.

  1. tcpdump
    This means simply capture on the first operating non-loopback interface.
  2. tcpdump -i eth0
    This means capture on the named interface – in this case ‘eth0’.
  3. tcpdump -i eth0 src 172.16.1.1
    This means capture on eth0 where the source IP address is 172.16.1.1.
    You can use dst as well.
  4. tcpdump -i eth0 -w example.pcap
    This means capture all packets on eth0 and write them to example.pcap.
  5. tcpdump -i eth0 -c 100
    This means capture just the first 100 packets on eth0.
  6. tcpdump -i eth0 -e
    This means capture all packets on eth0 and display the Ethernet details as well.
  7. tcpdump -i eth0 dst net 172.16.1.0/24
    This means capture all packets on eth0 that match any destination address in the specified IP subnetwork.
  8. tcpdump -i eth0 ip6
    This means capture only IPv6 traffic on the eth0 interface.
  9. tcpdump -i eth0 portrange 20-100
    This means capture any packets on the eth0 interface that match port numbers 20 through 100.
  10. tcpdump ether dst FF:FF:FF:FF:FF:FF
    This means capture any packets that match the specified L2 Ethernet destination address – in this example all broadcast traffic.
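
To see which header fields the filters in items 3 and 7 through 10 actually test, here is an added example (not from the original post, and not how libpcap compiles filters) that models each expression over constructed Ethernet/IPv4 frames. The MAC addresses, sample frames and function names are assumptions made for illustration; the model covers IPv4 TCP/UDP only.

```python
import ipaddress
import struct

BROADCAST = bytes.fromhex("ffffffffffff")
PEER = bytes.fromhex("020000000002")  # constructed unicast MAC

def frame(dst_mac, src_ip, dst_ip, sport, dport, proto=6):
    """Build a constructed Ethernet/IPv4 frame ending in a 4-byte port header."""
    eth = dst_mac + bytes.fromhex("020000000001") + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    return eth + ip + struct.pack("!HH", sport, dport)

def fields(pkt):
    """Extract the header fields that the filters on this page test."""
    f = {"ether_dst": pkt[0:6], "ethertype": struct.unpack("!H", pkt[12:14])[0]}
    if f["ethertype"] == 0x0800:  # IPv4
        ihl = (pkt[14] & 0x0F) * 4  # IPv4 header length in bytes
        f["src"] = ipaddress.ip_address(pkt[26:30])
        f["dst"] = ipaddress.ip_address(pkt[30:34])
        if pkt[23] in (6, 17):  # TCP and UDP both start with src/dst port
            f["ports"] = struct.unpack("!HH", pkt[14 + ihl:18 + ihl])
    return f

# Simplified model of each filter's meaning (IPv4 over Ethernet only)
FILTERS = {
    "src 172.16.1.1": lambda f: f.get("src") == ipaddress.ip_address("172.16.1.1"),
    "dst net 172.16.1.0/24":
        lambda f: "dst" in f and f["dst"] in ipaddress.ip_network("172.16.1.0/24"),
    "ip6": lambda f: f["ethertype"] == 0x86DD,
    # With no src/dst qualifier, portrange matches the source OR destination port
    "portrange 20-100": lambda f: any(20 <= p <= 100 for p in f.get("ports", ())),
    "ether dst FF:FF:FF:FF:FF:FF": lambda f: f["ether_dst"] == BROADCAST,
}

def matching(pkt):
    """Return the filter expressions from the list above that select this frame."""
    f = fields(pkt)
    return [name for name, test in FILTERS.items() if test(f)]

# Constructed sample frames (not taken from a real capture)
SAMPLES = {
    "ssh reply": frame(PEER, "172.16.1.1", "10.0.0.5", 22, 51000),
    "dns query": frame(PEER, "10.0.0.5", "172.16.1.53", 40000, 53, proto=17),
    "broadcast": frame(BROADCAST, "172.16.1.1", "172.16.1.255", 68, 67, proto=17),
    "ipv6": bytes.fromhex("333300000001020000000001") + b"\x86\xdd" + bytes(40),
}
```

Note that the "ssh reply" frame is selected by portrange 20-100 because of its source port, even though its destination port is 51000.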

I hope this helps. What are some of your favorites?

