Using Tcpdump To Capture And Analyze Network Traffic



Tcpdump is one of the finest tools available for network analysis. It is a must-have tool for network administrators and for anyone who wants to understand TCP/IP. It lets users capture packets transmitted or received over the network or the Internet. Note that superuser privileges are required to run tcpdump. It is a free tool, available under the BSD License.


It is a command-line tool available for Debian- and Red Hat-based systems. Packets can be saved to a capture file which can be analysed later with tcpdump. You can apply filters to the packets so that traffic you do not want to see is left out. It understands hostnames and almost all of the TCP and UDP protocols.


For CentOS:

# yum install tcpdump

For Ubuntu distribution:

# apt-get install tcpdump

For Debian:

# apt-get install tcpdump

Utility Examples

1. Run tcpdump without any options; it will dump its output to the screen
# tcpdump

Sample Output:


2. Specify some interface to capture network traffic
# tcpdump -i eth1

Sample output:


Note in the above example that the counts of packets captured, packets received by the filter and packets dropped by the kernel are reported at the end of the output.

3. Capture packets from a specific host
# tcpdump src host

Sample Output:



4. Show packets with full date and time stamps
# tcpdump -i eth0 -n -tttt

Sample output:


5. Capture traffic to or from a specific IP range (network)
# tcpdump net

Sample output:


6. Capture only ICMP traffic on a specific interface
# tcpdump -i eth1  icmp

Sample output:


7. Record the tcpdump capture to a specific file
# tcpdump -w unixmen.cap

unixmen.cap is the file name.

Read the recorded capture file with tcpdump

# tcpdump -r unixmen.cap

Sample output:


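The file written by -w and read back by -r is a pcap capture. As an added example, not code from the original post, here is a small Python reader that parses the pcap global header and each packet record and prints one tcpdump-style line per packet; the sample capture it builds in-line is constructed (documentation addresses 192.0.2.x), and the script reads a capture path from the command line when one is given.

```python
import struct
import sys
import ipaddress

LINKTYPE_ETHERNET = 1
MAGIC = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # microsecond pcap, little/big endian
PROTO = {1: "ICMP", 6: "TCP", 17: "UDP"}

def parse_pcap(data):
    """Parse a pcap byte string; return (linktype, list of one dict per packet)."""
    endian = MAGIC.get(data[:4])
    if endian is None:
        raise ValueError("not a microsecond-resolution pcap file (unknown magic)")
    # 24-byte global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    linktype = struct.unpack(endian + "IHHiIII", data[:24])[6]
    records, off = [], 24
    while off + 16 <= len(data):  # a 16-byte record header precedes each packet
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl_len]
        if len(pkt) < incl_len:
            raise ValueError("truncated packet record at offset %d" % off)
        off += 16 + incl_len
        rec = {"ts": ts_sec + ts_usec / 1e6, "len": orig_len, "proto": "?"}
        if linktype == LINKTYPE_ETHERNET and len(pkt) >= 34:
            ethertype = struct.unpack("!H", pkt[12:14])[0]
            if ethertype == 0x0800:  # IPv4: protocol at IP byte 9, src/dst at IP bytes 12/16
                rec["proto"] = PROTO.get(pkt[23], str(pkt[23]))
                rec["src"] = str(ipaddress.IPv4Address(pkt[26:30]))
                rec["dst"] = str(ipaddress.IPv4Address(pkt[30:34]))
            elif ethertype == 0x0806:
                rec["proto"] = "ARP"
        records.append(rec)
    return linktype, records
def format_record(rec):
    """One line per packet, in the spirit of `tcpdump -r` output."""
    ends = "IP %s > %s: " % (rec["src"], rec["dst"]) if "src" in rec else ""
    return "%.6f %s%s, length %d" % (rec["ts"], ends, rec["proto"], rec["len"])
def build_sample_pcap():
    """Constructed sample: one ICMP echo request 192.0.2.1 -> 192.0.2.2 (documentation addresses)."""
    eth = bytes.fromhex("001122334455 66778899aabb 0800")  # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    icmp = struct.pack("!BBHHH", 8, 0, 0, 1, 1)  # echo request; checksums left zero in this sample
    frame = eth + ip + icmp
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    record = struct.pack("<IIII", 1700000000, 250000, len(frame), len(frame))
    return header + record + frame
if __name__ == "__main__":  # pass the .cap written by `tcpdump -w`, or run on the built-in sample
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for rec in parse_pcap(data)[1]:
        print(format_record(rec))
```

Captures written with nanosecond timestamps or in pcapng format use a different magic and are rejected by the check at the top rather than misread.
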
8. Capture only ARP packets, with verbose output
# tcpdump -v arp

Sample output:


9. Capture data showing IP addresses rather than hostnames (-n disables name resolution)
# tcpdump -n -i eth0

Sample output:


10. Inspect traffic in more detail (no name or port resolution, very verbose, hex and ASCII dump, absolute sequence numbers)
# tcpdump -nnvvXS

Sample output:


There are many more options that can be used with tcpdump; we will try to provide more tutorials on security tools in the future.


tcpdump is an easy-to-use tool; no supporting packages need to be installed or configured, and its .cap (pcap) capture format is supported by most network analysis tools.

Have fun!!