TCPdump: How to set it up and use it
Tcpdump is a command-line packet capture and analysis tool. It places a network interface into capture mode, decodes the headers of common protocols (Ethernet, IP, TCP, UDP, ICMP, DNS and others) and prints one summary line per packet, or writes the raw packets to a pcap file for later analysis. It does not decrypt encrypted payloads: TLS-protected traffic such as HTTPS appears only as opaque application data. Tcpdump is free software released under the BSD license and runs on Linux and nearly every other UNIX-like operating system.
In this article, we explain how to install tcpdump on a VPSie server and use it for basic captures.
Step 1: Configure VPSie cloud server
- Log in to your VPSie account and open an existing server, or deploy a new one.
- Connect over SSH using the credentials that were emailed to you.
- Once logged in to your Ubuntu instance, run the following commands to update the system:
apt-get update && apt-get upgrade -y
Step 2: Install TCPdump
Install tcpdump with your distribution's package manager (as root, or prefix the command with sudo):
For CentOS/RHEL,
yum install tcpdump
For Debian and Ubuntu,
apt-get install tcpdump
Verify the installation by printing the version:
# tcpdump --version
tcpdump version 4.9.3 libpcap version 1.8.1 OpenSSL 1.1.1d 10 Sep 2019
Step 3: Using tcpdump
Capturing from an interface requires root privileges (or the CAP_NET_RAW and CAP_NET_ADMIN capabilities), so run the commands below as root or with sudo.
1. Run the following command to list the interfaces tcpdump can capture on:
tcpdump -D
OUTPUT
# tcpdump -D
1.eth0 [Up, Running]
2.eth1 [Up, Running]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback]
2. Run the following command to capture packets on a specific interface (press Ctrl-C to stop):
tcpdump -i eth0
3. Add -n to print IP addresses numerically instead of resolving them to host names. This avoids the DNS lookups that slow the capture down and that themselves generate traffic on the network; -nn additionally leaves port numbers unresolved:
tcpdump -n -i eth0
4. Run the following command to capture only TCP packets. This example also stops after 20 packets (-c 20) and writes the raw packets to a file (-w tcpanalyze.pcap) instead of printing them, so they can be read back later with tcpdump -r or opened in Wireshark:
tcpdump -i eth0 -c 20 -w tcpanalyze.pcap tcp
5. Run the following command to capture traffic to or from a specific port, here 80 (HTTP):
tcpdump -i eth0 port 80
6. Filter by source or destination IP address. src matches packets sent by the given address, dst matches packets addressed to it; the address form with no keyword is shorthand for a host match.
Capture packets sent from a source IP:
tcpdump -i eth0 src 10.1.1.1
Capture packets sent to a destination IP:
tcpdump -i eth0 dst 10.1.1.1
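The filters in steps 4 to 6 test fields in the decoded IP and TCP/UDP headers, and -w stores those packets in the classic pcap format. The following added example (not part of the original tutorial, nor tcpdump's own code) shows both: a minimal reader for the pcap files that tcpdump -w produces, and a small matcher for the primitives used above (tcp, port N, src/dst host, with "and" and "not"). The sample packets, the 10.1.1.x addresses and the port numbers are constructed inline for the demonstration; real tcpdump compiles its filter expression to BPF rather than evaluating it this way.

```python
# Added example, not part of the original tutorial: a minimal reader for the
# pcap files that `tcpdump -w` produces, plus a matcher for the filter
# primitives used above (tcp, port N, src/dst host). All packets are
# constructed inline; the 10.1.1.x addresses and ports are made up.
import socket
import struct

PCAP_MAGIC_LE = 0xA1B2C3D4      # classic pcap magic as written by a little-endian host
PCAP_MAGIC_BE = 0xD4C3B2A1      # the same magic read from a big-endian writer
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def build_frame(src, dst, proto, sport, dport):
    """Build an Ethernet/IPv4/TCP-or-UDP frame (constructed input). Checksums are
    left at zero, which is fine for a file-based demo but would be dropped on the wire."""
    eth = b"\x02" * 6 + b"\x04" * 6 + struct.pack("!H", ETHERTYPE_IPV4)
    if proto == IPPROTO_TCP:   # ports, seq, ack, data offset 5, SYN flag, window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    else:                       # ports, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + l4


def write_pcap(frames):
    """Serialize frames as a pcap file: 24-byte global header, then 16-byte record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


def decode(frame):
    """Extract the fields the tutorial's filters test: addresses, protocol, ports."""
    if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
        return None                          # non-IPv4 frames are not decoded here
    ihl = (frame[14] & 0x0F) * 4             # IPv4 header length in bytes
    pkt = {"src": socket.inet_ntoa(frame[26:30]), "dst": socket.inet_ntoa(frame[30:34]),
           "proto": frame[23], "sport": None, "dport": None}
    if pkt["proto"] in (IPPROTO_TCP, IPPROTO_UDP) and len(frame) >= 14 + ihl + 4:
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", frame, 14 + ihl)
    return pkt


def read_pcap(data):
    """Yield decoded packets from pcap bytes, honouring the header's byte order."""
    magic = struct.unpack_from("<I", data, 0)[0]
    endian = {PCAP_MAGIC_LE: "<", PCAP_MAGIC_BE: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is a different format)")
    if struct.unpack_from(endian + "I", data, 20)[0] != LINKTYPE_ETHERNET:
        raise ValueError("only the Ethernet link type is decoded here")
    offset = 24
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, offset)
        frame = data[offset + 16:offset + 16 + incl_len]
        if len(frame) < incl_len:
            raise ValueError("truncated packet record")
        offset += 16 + incl_len
        yield decode(frame)


def _primitive(pkt, words):
    """One primitive: tcp | udp | [src|dst] [host] A | [src|dst] port N."""
    if words in (["tcp"], ["udp"]):
        return pkt["proto"] == {"tcp": IPPROTO_TCP, "udp": IPPROTO_UDP}[words[0]]
    direction = words.pop(0) if words[0] in ("src", "dst") else None
    if len(words) == 1:                      # bare 'src 10.1.1.1' means 'src host 10.1.1.1'
        words = ["host"] + words
    kind, value = words
    if kind == "host":
        fields = {"src": ("src",), "dst": ("dst",), None: ("src", "dst")}[direction]
        return value in (pkt[f] for f in fields)
    if kind == "port":
        fields = {"src": ("sport",), "dst": ("dport",), None: ("sport", "dport")}[direction]
        return int(value) in (pkt[f] for f in fields)
    raise ValueError(f"unsupported primitive: {kind}")


def match(pkt, expression):
    """Evaluate a subset of tcpdump filter syntax: primitives joined by 'and',
    each optionally prefixed with 'not'. Real tcpdump compiles this to BPF instead."""
    for clause in expression.split(" and "):
        words = clause.split()
        negate = words[0] == "not"
        if _primitive(pkt, words[1:] if negate else words) == negate:
            return False
    return True


def filter_capture(data, expression):
    """Like `tcpdump -n -r file 'expression'`: return the packets that match."""
    return [p for p in read_pcap(data) if p is not None and match(p, expression)]


# Constructed sample capture: a web request and its reply, a DNS query, and an SSH SYN.
SAMPLE_PCAP = write_pcap([
    build_frame("10.1.1.1", "10.1.1.2", IPPROTO_TCP, 40000, 80),
    build_frame("10.1.1.2", "10.1.1.1", IPPROTO_TCP, 80, 40000),
    build_frame("10.1.1.3", "10.1.1.2", IPPROTO_UDP, 53000, 53),
    build_frame("10.1.1.1", "10.1.1.3", IPPROTO_TCP, 40001, 22),
])

if __name__ == "__main__":
    for expr in ("tcp", "port 80", "src 10.1.1.1", "dst 10.1.1.1", "tcp and not port 80"):
        hits = filter_capture(SAMPLE_PCAP, expr)
        print(f"{expr!r}: {len(hits)} packet(s)")
        for p in hits:
            print(f"  {p['src']}.{p['sport']} > {p['dst']}.{p['dport']}")
```

Note that the matcher compares numeric addresses, which is exactly what you see with -n; with name resolution enabled, tcpdump would still filter on the numeric header fields but print resolved names. The same pcap bytes written by write_pcap can be saved to disk and read with tcpdump -n -r to confirm that the two implementations agree on each expression.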
That's it. Thanks for reading, and I hope you found it informative!