12 Tcpdump Commands – A Network Sniffer Tool

Narad Shrestha

He has over 10 years of rich IT experience, which includes various Linux distros, FOSS and networking. Narad always believes in sharing IT knowledge with others and adopts new technology with ease.

30 Responses

  1. Mohit says:

    Great compilation of most useful options of tcpdump. Thanks.

  2. Bad Prad says:

    This may be unrelated to tcpdump, but I am trying to find which workstation on a LAN is using too much traffic.

    All traffic is routed through a wireless LAN, which in turn is a cellular modem. The modem control panel cannot provide this information.

    Workstations on the LAN run various operating systems – Linux, Windows, Android and iOS.

  3. Josh says:

    Excellent article. Do you have any article on network interface source code or configuration of network interface card?

  4. Admin says:

    Having a hard time here, hopefully you can help. This server in question (CentOS 6.8) has bandwidth skyrocketing to about 100MBps. It’s running cPanel control panel and none of the accounts are using much bandwidth. I cannot figure out how to trace where the spike is coming from. I tried this tcpdump but am confused. I need to trace the source of the bandwidth spike and really could use some help. IPTRAF is a bit confusing to me too.

  5. Gene says:

    This has been very informative and helpful. Had to use some of the commands for some deep debugging… Thanks.

  6. abhi says:

    How can I take the tcpdump of a destination port?

    • Ravi Saive says:

      Here is the following command that will help you out.

      # tcpdump -i eth0 port 22

      Don’t forget to replace the port 22 with your desired port.

  7. Nilesh says:

    Very good article.

  8. sara kiran says:

    Hope you are fine by the grace of God. I am facing a problem in my thesis, which is about changing the link data rate depending upon the buffer occupancy, i.e. if the buffer space is filled above threshold then increase the link data rate, and if the buffer is occupied below threshold then reduce the link data rate. Now the problem exists in determining the buffer space occupied. For this I am using “ifconfig” and “netstat”.
    For ifconfig the output for switch AS-1 eth1 is as follows (by using netstat I was getting the same output):
    AS-1-eth1 Link encap:Ethernet HWaddr 7a:81:df:f1:29:74
    inet6 addr: fe80::7881:dfff:fef1:2974/64 Scope: Link
    RX packets: 88 errors: 0 dropped: 0 overruns: 0 frame: 0
    TX packets: 57 errors: 0 dropped: 0 overruns: 0 carrier: 0
    Collisions: 0 txqueuelen: 1000
    RX bytes: 12266 (12.2 KB) TX bytes: 9052 (9.0 KB)
    Now I am thinking, packets in queue = RX packets - TX packets = 88 - 57 = 31 packets (31 packets are in the buffer). Am I thinking in the right direction?
    For “ifconfig” kindly check the following link:
    http://www.computerhope.com/unix/uifconfi.htm. Kindly just go through the overview. I know your time is really precious and sorry to bother you; kindly reply to me as soon as possible. Thanks in advance.

  9. Pankhuri Jaiswal says:

    I'm in deep trouble… I need to do this TCP steganography in a Linux environment… Can you please tell me the required steps and commands? I need it urgently… Please help.

    • Mohinder says:

      Please let us know how the steganography went. What commands did you find useful and what was the end result? Thank you and a very good day to you.

  10. techie says:

    Thanks, very informative.
