The tcpdump command dumps traffic on a network in real time. It prints a description of the contents of packets on a network interface.
How do I capture network packets to a file?
By default, traffic is dumped to the screen. To capture these packets to a file, enter the following command as the root user:
# tcpdump -i eth0 -w traffic.eth0
How do I read packets from a file?
The -w flag used above saves the packet data to a file called traffic.eth0 for later analysis. To read it back, use the -r flag, which causes tcpdump to read from a saved packet file rather than from a network interface:
# tcpdump -r traffic.eth0
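What a file written with -w contains, as an added example that is not part of the original article: a small Python reader for the classic pcap savefile layout, run on a constructed two-packet sample. The function names read_pcap and build_sample and the sample bytes are assumptions of this example, and it does not handle pcapng files.

```python
import struct

# First 4 bytes read big-endian -> (byte order, timestamp fraction units per second)
MAGICS = {
    0xA1B2C3D4: (">", 10**6), 0xD4C3B2A1: ("<", 10**6),  # microsecond files
    0xA1B23C4D: (">", 10**9), 0x4D3CB2A1: ("<", 10**9),  # nanosecond files
}

def read_pcap(data):
    """Parse a classic pcap savefile; return (header dict, list of records)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = struct.unpack(">I", data[:4])[0]
    if magic not in MAGICS:
        raise ValueError("not a classic pcap file (pcapng or another format?)")
    order, frac = MAGICS[magic]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        order + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, sub, incl, orig = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if incl > len(data) - off:  # file cut short, e.g. capture killed mid-write
            raise ValueError("truncated packet data at offset %d" % off)
        records.append({"ts": sec + sub / frac, "captured": incl,
                        "on_wire": orig, "data": data[off:off + incl]})
        off += incl
    return header, records

def build_sample():
    """Constructed sample: two all-zero frames, snaplen 64, little-endian."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 64, 1)  # linktype 1 = Ethernet
    for sec, usec, frame in [(1190592000, 250000, bytes(60)),
                             (1190592001, 500000, bytes(100))]:
        kept = frame[:64]  # only snaplen bytes of each packet are stored
        out += struct.pack("<IIII", sec, usec, len(kept), len(frame)) + kept
    return out

if __name__ == "__main__":
    header, records = read_pcap(build_sample())
    print(header)
    for r in records:
        note = " (truncated by snaplen)" if r["captured"] < r["on_wire"] else ""
        print(r["ts"], r["captured"], r["on_wire"], note)
```

A record whose captured length is smaller than its on-wire length was cut at the snapshot length, so its payload is incomplete for later analysis.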
- Last Updated: Sep/24/2007



{ 3 comments… read them below or add one }
Nice tip, Vivek! Also, it would be useful to send these captured packets with the tool Bit-twist.
An example of its usage is available here.
Artem,
Thanks for sharing Bit-Twist. I will check it out :)
Does tcpdump support TCP packet reassembly? If not, how can reassembly be implemented?