Loading...

tcpdump dumps traffic on a network and can create capture files.

Interfaces

See the list of interfaces on which tcpdump can listen:

tcpdump -D

Example

root@vm1# tcpdump -D
1.eth0
2.docker0
3.nflog (Linux netfilter log (NFLOG) interface)
4.nfqueue (Linux netfilter queue (NFQUEUE) interface)
5.veth1b44d33
6.veth5b37eb0
7.br-2089dbf35e03
8.any (Pseudo-device that captures on all interfaces)
9.lo [Loopback]

Listen on interface eth0:

tcpdump -i eth0

Listen on any available interface:

tcpdump -i any

Ports

Example: dump https (port 443) and http traffic (port 80) in capture file web.cap

sudo tcpdump port 80 or port 443 -w web.cap