Definition:

  • dump traffic on a network
  • example:
    • tcpdump -i ens0s8 port 80
    • tcpdump -i ens0s8 -w captured.pcap -v

Synopsis:

  • tcpdump [ -AbdDefhHIJKlLnNOpqStuUvxX# ] [ -B buffer_size ]
    [ -c count ] [ --count ] [ -C file_size ]
    [ -E spi@ipaddr algo:secret,... ] [ -F file ] [ -G rotate_seconds ]
    [ -i interface ] [ --immediate-mode ] [ -j tstamp_type ] [ -m module ] [ -M secret ]
    [ --number ] [ --print ] [ -Q in|out|inout ] [ -r file ] [ -s snaplen ] [ -T type ]
    [ --version ] [ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ]
    [ -z postrotate-command ] [ -Z user ]
    [ --time-stamp-precision=tstamp_precision ] [ --micro ] [ --nano ] [ expression ]

List of options:

  • -i interface, --interface=interface: capture on the given interface
  • -n: don't convert addresses (i.e., host addresses, port numbers, etc.) to names
  • -v, -vv, -vvv: increase verbosity (each additional v prints more detail)
  • -w file: write the raw packets to file in pcap format instead of printing them
  • -r file: read packets from a file written with -w instead of from a live interface
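The -w and -r options above write and read the pcap file format, and --micro/--nano pick its timestamp precision. As an added example that is not part of this page or of tcpdump itself, here is a minimal writer and reader for that format in Python; the sample Ethernet frame is constructed, not captured.

```python
import struct
from typing import Iterator, List, Tuple

# pcap magic numbers: microsecond timestamps (tcpdump --micro, the default) and nanosecond (--nano).
MAGIC_MICRO = 0xA1B2C3D4
MAGIC_NANO = 0xA1B23C4D
LINKTYPE_ETHERNET = 1  # DLT_EN10MB, what a capture on an ordinary NIC records


def write_pcap(packets: List[Tuple[float, bytes]], nano: bool = False, snaplen: int = 262144) -> bytes:
    """Serialise (timestamp, frame) pairs into the file format that `tcpdump -w` produces."""
    magic = MAGIC_NANO if nano else MAGIC_MICRO
    out = struct.pack("<IHHiIII", magic, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts, frame in packets:
        sec = int(ts)
        frac = round((ts - sec) * (1_000_000_000 if nano else 1_000_000))
        data = frame[:snaplen]  # -s snaplen truncates the stored bytes; orig_len keeps the real size
        out += struct.pack("<IIII", sec, frac, len(data), len(frame)) + data
    return out


def pcap_header(data: bytes) -> Tuple[str, bool, int, int]:
    """Return (struct byte order, nanosecond?, snaplen, linktype) from the 24-byte global header."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic in (MAGIC_MICRO, MAGIC_NANO):
        endian = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):  # the same magics as written by a big-endian host
        endian, magic = ">", struct.unpack(">I", data[:4])[0]
    else:
        raise ValueError(f"not a pcap file: magic 0x{magic:08x}")
    _, _, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    return endian, magic == MAGIC_NANO, snaplen, linktype


def read_pcap(data: bytes) -> Iterator[Tuple[float, int, bytes]]:
    """Yield (timestamp, original length, captured bytes) per record, as `tcpdump -r` walks the file."""
    endian, nano, _, _ = pcap_header(data)
    divisor = 1e9 if nano else 1e6
    offset = 24
    while offset + 16 <= len(data):
        sec, frac, caplen, origlen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        frame = data[offset + 16:offset + 16 + caplen]
        if len(frame) != caplen:  # file cut short, e.g. the capture was killed mid-write
            raise ValueError(f"truncated record at offset {offset}")
        offset += 16 + caplen
        yield sec + frac / divisor, origlen, frame


# Constructed sample frame (not a real capture): broadcast Ethernet header, IPv4 ethertype, dummy payload.
SAMPLE_FRAME = bytes.fromhex("ffffffffffff 001122334455 0800") + b"\x45" + b"\x00" * 19
```

A round trip through write_pcap and read_pcap shows how a snaplen smaller than the frame leaves orig_len at the real size while the stored bytes are cut, and how a file truncated mid-record is rejected rather than silently misread.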