Capture raw traffic using tcpdump

tcpdump is a powerful command-line packet analyzer; it's an excellent way to capture raw traffic and then run it through various tools later.

Example using tcpdump while excluding my own ssh session traffic (so the capture is not flooded by the session you are running it from):

tcpdump -i eth0 -s 1500 port not 22

Example skipping additional ports, including the ssh port:

tcpdump -i eth0 -s 1500 port not 22 and port not 53

Example restricting the capture to a single IP or hostname:

tcpdump -i eth0 port not 22 and host 192.***.**.* (replace with your network IP)

Once the command is running it captures packets and, when it exits, reports the number of packets "captured" (i.e. the number of packets that tcpdump has received and processed).

Example capturing all traffic on port 443 to a file (the leading # is the root prompt; -s 1500 sets the snapshot length so whole Ethernet frames are kept):

# tcpdump -s 1500 port 443 -w capture_file
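When tcpdump exits it also reports packets "received by filter" and "dropped by kernel"; drops mean the capture file above is incomplete. The following is an added example (not part of the original post) that reads that exit summary, which tcpdump writes to stderr, and flags any kernel drops. The sample summary lines and the file names are constructed.

```shell
#!/bin/sh
# Added example: check the exit summary of a tcpdump run for kernel drops.
#
# Typical use (constructed file names):
#   tcpdump -i eth0 -s 1500 -w capture_file 'port not 22' 2>tcpdump.err
#   check_drops < tcpdump.err
#
# The tail of tcpdump.err looks like this (constructed sample):
#   1234 packets captured
#   1250 packets received by filter
#   16 packets dropped by kernel

# check_drops: reads a tcpdump exit summary on stdin, prints one line with the
# three counters and the percentage of filtered packets the kernel dropped.
# Exit status: 0 = no drops, 1 = drops seen, 2 = no summary / nothing received.
check_drops() {
    awk '
      /packets captured/            { captured = $1 }
      /packets received by filter/  { received = $1 }
      /packets dropped by kernel/   { dropped  = $1 }
      END {
        if (received == 0) { print "no packets received by filter"; exit 2 }
        pct = int(dropped * 100 / received)
        printf "captured=%d received=%d dropped=%d (%d%% dropped)\n",
               captured, received, dropped, pct
        # non-zero exit lets a wrapper script warn before the pcap is analysed
        exit (dropped > 0 ? 1 : 0)
      }'
}
```

If drops are reported, a larger snaplen is not the fix; narrowing the capture filter or writing to a faster disk usually is.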
