Quick tip: Capture Linux network packets to a file

by Vivek Gite on September 24, 2007 · 3 comments

The tcpdump command dumps traffic on a network in real time. It prints a description of the contents of packets on a network interface.

How do I capture network packets to a file?

By default, traffic is dumped to the screen. To capture these packets to a file, enter the following command as the root user:
# tcpdump -i eth0 -w traffic.eth0

How do I read packets from a file?

The -w flag causes tcpdump to save the packet data to a file called traffic.eth0 for later analysis. To read the saved packets back, use the -r flag, which causes tcpdump to read from a saved packet file rather than from a network interface:
# tcpdump -r traffic.eth0
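
What ends up in a file such as traffic.eth0, shown as an added example that is not part of the original article: a minimal Python reader for the classic libpcap savefile layout that tcpdump -w writes. The function names and the sample capture bytes are constructed for illustration.

```python
import struct

# Magic numbers of the classic libpcap savefile format.
MAGIC_USEC = 0xA1B2C3D4  # record timestamps carry microseconds
MAGIC_NSEC = 0xA1B23C4D  # record timestamps carry nanoseconds


def read_pcap(data):
    """Parse classic pcap bytes; return (linktype, snaplen, [(ts, orig_len, frame)])."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    for endian in ("<", ">"):  # the file is written in the capturing host's byte order
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (MAGIC_USEC, MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (pcapng or another format?)")
    divisor = 1e6 if magic == MAGIC_USEC else 1e9
    # Rest of the global header: version, timezone, sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    packets, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        sec, frac, incl_len, orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        if off + incl_len > len(data):  # file cut off in the middle of a packet
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append((sec + frac / divisor, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, packets


def build_sample():
    """Constructed sample: little-endian capture holding two dummy Ethernet frames."""
    header = struct.pack("<IHHiIII", MAGIC_USEC, 2, 4, 0, 0, 65535, 1)
    frames = [
        (1190592000, 250000, b"\xff" * 6 + b"\x00" * 6 + b"\x08\x00" + b"A" * 20),
        (1190592001, 500000, b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"B" * 28),
    ]
    return header + b"".join(
        struct.pack("<IIII", s, u, len(f), len(f)) + f for s, u, f in frames)


if __name__ == "__main__":
    linktype, snaplen, packets = read_pcap(build_sample())
    print("linktype=%d snaplen=%d packets=%d" % (linktype, snaplen, len(packets)))
    for ts, orig_len, frame in packets:
        print("%.6f  %d bytes on wire, %d captured" % (ts, orig_len, len(frame)))
```

To run it against a real capture, pass the file's bytes instead of the constructed sample, for example read_pcap(open("traffic.eth0", "rb").read()).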


1 Artem Nosulchik September 25, 2007

Nice tip, Vivek! Also, it would be useful to send these captured packets with the tool Bit-twist.
An example of its usage is available here.


2 vivek September 25, 2007

Artem,

Thanks for sharing Bit-Twist. I will check it out :)


3 raisa January 7, 2010

Does tcpdump support TCP packet reassembly? If not, how can reassembly be implemented?
