≡ Menu

Quick tip: Capture Linux network packets to a file

tcpdump command dump traffic on a network in real time. It prints out a description of the contents of packets on a network interface.

How do I capture network packets to a file?

By default traffic is dumped on a screen. To capture these packets to a file, enter the following command as the root user:
# tcpdump -i eth0 -w traffic.eth0

How do I read packets from a file?

The -w flag causes it to save the packet data to a file called traffic.eth0 for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface:
# tcpdump -r traffic.eth0

Share this on:

{ 5 comments… add one }

  • Artem Nosulchik September 25, 2007, 7:56 am

    Nice tip, Vivek! Also it would be useful to send these captured packets with tool Bit-twist.
    An example of it’s usage is available here.

  • nixCraft September 25, 2007, 11:50 am


    Thanks for sharing Bit-Twist. I will check it out :)

  • raisa January 7, 2010, 4:46 am

    does tcpdump support tcp packet reassembly?? if not how can reassembly be implemented?

  • assfou March 28, 2012, 3:34 pm

    Many Tks.

    also the captured can also be viwed in wireshark. :):)

  • desperado0804 June 10, 2012, 5:24 am

    Thx for the tip! Well we can also use AthTek NetWalk to help capture Linux network packets

Leave a Comment

   Tagged with: , ,