
Thursday, July 23, 2015

tcpdump command and options

tcpdump - dump traffic on a network. tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.

Type the following command:


You need to interrupt the command, or else it will keep scrolling.

-i interface
--interface=interface
Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback), which may turn out to be, for example, "eth0".
    $tcpdump -i eth0
-c count
Exit after receiving count packets.
    $tcpdump -c 30 -i eth0
-D
--list-interfaces
Print the list of the network interfaces available on the system and on which tcpdump can capture packets. For each network interface, a number and an interface name, possibly followed by a text description of the interface, is printed. The interface name or the number can be supplied to the -i flag to specify an interface on which to capture.
    $tcpdump -D
-w file
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option.
    $tcpdump -w dump01.pcap -c 10 -i eth0
Now read the dumped file:
    $tcpdump -r dump01.pcap

-n
Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
    $tcpdump -n

To capture packets from a specific port, specify the port number:
    $tcpdump -i eth0 port 22
To capture packets from a specific source:
    $tcpdump -i eth0 src
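
What a file written with -w contains, shown as an added example that is not part of the original post: a small Python reader for the classic pcap format that lists numeric addresses and ports, as -n does, and can keep only packets on one port, like the port 22 filter above. The function names and the sample capture are constructed for illustration, and only Ethernet/IPv4 with TCP or UDP is decoded.

```python
import socket
import struct

def build_sample_pcap():
    """Constructed sample: little-endian pcap holding two Ethernet/IPv4 frames."""
    def frame(proto, src, dst, sport, dport):
        l4 = struct.pack("!HH", sport, dport) + b"\x00" * 16
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto,
                         0, socket.inet_aton(src), socket.inet_aton(dst))
        return b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00" + ip + l4
    frames = [frame(6, "192.0.2.10", "192.0.2.20", 50000, 22),   # TCP to port 22
              frame(17, "192.0.2.10", "192.0.2.53", 40000, 53)]  # UDP to port 53
    # Global header: magic, version 2.4, thiszone, sigfigs, snaplen, linktype 1
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, f in enumerate(frames):
        # Record header: ts_sec, ts_usec, captured length, original length
        out += struct.pack("<IIII", 1437600000 + i, 0, len(f), len(f)) + f
    return out

def read_pcap(data, port=None):
    """Return (ts, proto, src, sport, dst, dport) per packet; port filters like 'port N'."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if endian is None or len(data) < 24:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is decoded here")
    rows, off = [], 24
    while off + 16 <= len(data):
        ts, _, incl, _ = struct.unpack(endian + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue  # truncated frame or not IPv4
        if struct.unpack("!H", pkt[20:22])[0] & 0x1FFF:
            continue  # later IP fragment: carries no port numbers
        proto, l4 = pkt[23], pkt[14 + (pkt[14] & 0x0F) * 4:][:4]
        if proto not in (6, 17) or len(l4) < 4:
            continue  # only TCP and UDP have ports
        sport, dport = struct.unpack("!HH", l4)
        if port is None or port in (sport, dport):
            rows.append((ts, "tcp" if proto == 6 else "udp",
                         socket.inet_ntoa(pkt[26:30]), sport,
                         socket.inet_ntoa(pkt[30:34]), dport))
    return rows

if __name__ == "__main__":
    for row in read_pcap(build_sample_pcap(), port=22):
        print(row)
```

To run it against a real capture such as dump01.pcap, pass the file's bytes to read_pcap; captures taken on a non-Ethernet link type are rejected with an error instead of being misparsed.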