Capture raw traffic using tcpdump

By | August 21, 2013

tcpdump is a powerful command-line packet analyzer. It's an excellent way to capture raw traffic, save it, and then run it through various analysis tools later.

Example: use tcpdump and exclude my SSH session traffic:

tcpdump -i eth0 -s 1500 port not 22

Example: skip additional ports, including the SSH port:

tcpdump -i eth0 -s 1500 port not 22 and port not 53

Example: filter on an IP address or hostname:

tcpdump -i eth0 port not 22 and host 192.***.**.*   (replace with your network IP)

Once this command is executed it captures packets and, when stopped, reports the count of packets "captured" (i.e. the number of packets that tcpdump has received and processed).

Example: capture all traffic on port 443 to a file:

# tcpdump -s 1500 -w capture_file port 443
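As an added example (not from the original post), a small POSIX shell helper that assembles the filter expressions shown above from a list of ports to exclude and an optional host, and rejects invalid port numbers before the command is ever run; the interface, file name and 192.0.2.x address are constructed placeholders.

```shell
#!/bin/sh
# Build a tcpdump filter expression from a space-separated list of ports to
# exclude and an optional host, e.g. "22 53" "192.0.2.10" (constructed value)
# becomes: port not 22 and port not 53 and host 192.0.2.10
build_filter() {
    ports="$1"
    host="$2"
    filter=""
    for p in $ports; do
        # Only plain digits are accepted; anything else is not a port number.
        case "$p" in
            ''|*[!0-9]*) return 1 ;;
        esac
        # TCP/UDP ports are 1..65535; refuse anything outside that range.
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            return 1
        fi
        if [ -z "$filter" ]; then
            filter="port not $p"
        else
            filter="$filter and port not $p"
        fi
    done
    if [ -n "$host" ]; then
        if [ -z "$filter" ]; then
            filter="host $host"
        else
            filter="$filter and host $host"
        fi
    fi
    printf '%s\n' "$filter"
}

# Compose the full capture command used in the post: full 1500-byte snaplen,
# output written to a file, filter expression last. Run it with sh -c or paste it.
build_capture_cmd() {
    iface="$1"
    outfile="$2"
    filter="$3"
    printf 'tcpdump -i %s -s 1500 -w %s %s\n' "$iface" "$outfile" "$filter"
}
```

The generated command can be reviewed before running it as root, which is the point of building the expression separately.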
