tcpdump - dump traffic on a network. Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression.
Type the following command:
You need to interrupt the command else it would keep scrolling
--interface=interface Listen on interface. If unspecified, tcpdump searches the system interface list for the lowest numbered, configured up interface (excluding loopback), which may turn out to be, for example, ``eth0''.
$tcpdump -i eth0
Exit after receiving count packets.
$tcpdump -c 30 -i eth0
--list-interfaces, prints the list of the network interfaces available on the system and on which tcpdump can capture packets. For each network interface, a number and an interface name, possibly followed by a text description of the interface, is printed. The interface name or the number can be supplied to the -i flag to specify an interface on which to capture.
Write the raw packets to file rather than parsing and printing them out. They can later be printed with the -r option.
$tcpdump -w dump01.pcap -c 10 -i eth0
and now read the dumped file -
$tcpdump -r dump01.pcap
-n Don't convert addresses (i.e., host addresses, port numbers, etc.) to names.
To capture packets from specific port, specify port number -
$tcpdump -i eth0 port 22
To capture packets from specific source -$tcpdump -i eth0 src 192.168.1.1