Quick tip: Capture Linux network packets to a file
The tcpdump command dumps traffic on a network in real time. It prints a description of the contents of packets seen on a network interface.
How do I capture network packets to a file?
By default, traffic is dumped to the screen. To capture these packets to a file instead, enter the following command as the root user:
# tcpdump -i eth0 -w traffic.eth0
How do I read packets from a file?
The -w flag causes tcpdump to save the raw packet data to a file called traffic.eth0 for later analysis. To view it later, use the -r flag, which causes tcpdump to read from a saved packet file rather than from a network interface:
# tcpdump -r traffic.eth0
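What -w stores is not the text tcpdump prints on screen but raw packets in the classic libpcap file format: a 24-byte file header followed by one 16-byte record header per packet. The reader below is an added example, not part of the original tip; the names read_pcap and build_sample and the two-packet sample are constructed for illustration. It rejects files that are not pcap or that were cut off mid-write.

```python
import struct

# Magic bytes of the classic pcap format as they appear on disk.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("<", 1_000_000),      # little-endian, microseconds
    b"\xa1\xb2\xc3\xd4": (">", 1_000_000),      # big-endian, microseconds
    b"\x4d\x3c\xb2\xa1": ("<", 1_000_000_000),  # little-endian, nanoseconds
    b"\xa1\xb2\x3c\x4d": (">", 1_000_000_000),  # big-endian, nanoseconds
}


def read_pcap(data):
    """Parse pcap bytes into (header, packets); ValueError if bad or truncated."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    endian, ticks = MAGICS[data[:4]]
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", data[4:24])
    header = {"version": (major, minor), "snaplen": snaplen, "linktype": linktype}
    packets, off = [], 24
    while off < len(data):
        if len(data) - off < 16:
            raise ValueError("truncated record header at offset %d" % off)
        sec, frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if len(data) - off < incl_len:
            raise ValueError("truncated packet data at offset %d" % off)
        packets.append({"ts": sec + frac / ticks, "orig_len": orig_len,
                        "data": data[off:off + incl_len]})
        off += incl_len
    return header, packets


def build_sample():
    """Constructed two-packet capture (filler bytes, not real traffic)."""
    hdr = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 262144, 1)
    p1, p2 = b"\xaa" * 60, b"\xbb" * 42
    rec1 = struct.pack("<IIII", 1700000000, 250000, len(p1), len(p1)) + p1
    rec2 = struct.pack("<IIII", 1700000001, 0, len(p2), 1514) + p2  # cut by snaplen
    return hdr + rec1 + rec2


if __name__ == "__main__":
    hdr, pkts = read_pcap(build_sample())
    print(hdr)
    for p in pkts:
        print(p["ts"], len(p["data"]), "of", p["orig_len"], "bytes captured")
```

To inspect a real capture, pass the file contents instead of the sample, for example read_pcap(open("traffic.eth0", "rb").read()). Because the file holds the packet bytes themselves, treat it as sensitive data and restrict who can read it.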
Discussion on This Article:

Nice tip, Vivek! Also, it would be useful to send these captured packets with the tool Bit-twist.
An example of its usage is available here.
Artem,
Thanks for sharing Bit-Twist. I will check it out.