TCPdump: How to set it up and use it

Tcpdump is a CLI-based tool for capturing packets. It analyzes packets, decodes data payloads if the encryption keys can be deciphered, and recognizes file transfer payloads (SMTP, HTTP, etc.). The program lets the user watch packets being sent and received across a network. TCPdump is free software licensed under the BSD license. It runs on Linux and almost any UNIX-based operating system.





In this article, we will explain how to set up tcpdump and use it.







Step 1: Configure VPSie cloud server





  1. Sign in to your system or register a newly created one by logging in to your VPSie account
  2. Connect by SSH using the credentials we emailed you.
  3. Once you have logged into your Ubuntu instance, run these commands to update your system.
apt-get update && apt-get upgrade -y







Step 2: Install TCPdump






Install by running the following command,





For CentOS/RHEL,



yum install tcpdump





For Debian and Ubuntu,



apt-get install tcpdump




Run this command to verify the installation,



# tcpdump --version
tcpdump version 4.9.3 libpcap version 1.8.1 OpenSSL 1.1.1d 10 Sep 2019







Step 3: Using tcpdump





1. Run the following command to find out what interfaces are available on the system.



tcpdump -D






# tcpdump -D

1.eth0 [Up, Running]
2.eth1 [Up, Running]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.lo [Up, Running, Loopback] 






2. Run the following command to capture packets from a specific interface,



tcpdump -i eth0





3. Run the following command to capture packets and show IP addresses instead of host names (-n turns off name resolution),

tcpdump -n -i eth0




4. Run the following command to capture only TCP packets (-c 20 stops after 20 packets and -w writes them to the file tcpanalyze.pcap),

tcpdump -i eth0 -c 20 -w tcpanalyze.pcap tcp





5. Run the following command to capture packets to or from a specific port,



tcpdump -i eth0 port 80



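Filter packets by source and destination IP address,

Obtain packets from a source IP (replace <source-IP> with the address),

tcpdump -i eth0 src <source-IP>

Obtain packets sent to a destination IP (replace <destination-IP> with the address),

tcpdump -i eth0 dst <destination-IP>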
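
The filters from the steps above can be joined with `and` into a single capture. The following POSIX shell script is an added example, not part of the original article: it validates the protocol, IPv4 addresses and port before building the filter, writes the capture file with owner-only permissions, and reads it back with `-r`. The function names and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original article). Function names and the
# 192.0.2.x / 198.51.100.x sample addresses are constructed for illustration.

# Succeeds only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in 0?*) return 1 ;; esac   # no leading zeros
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_filter PROTO SRC DST PORT: print the filter expression.
# Pass "" to leave a field out; anything unexpected is rejected.
build_filter() {
    proto=$1 src=$2 dst=$3 port=$4 filt=
    case $proto in
        '') ;;
        tcp|udp) filt=$proto ;;
        *) return 1 ;;
    esac
    if [ -n "$src" ]; then
        is_ipv4 "$src" || return 1
        filt="${filt:+$filt and }src host $src"
    fi
    if [ -n "$dst" ]; then
        is_ipv4 "$dst" || return 1
        filt="${filt:+$filt and }dst host $dst"
    fi
    if [ -n "$port" ]; then
        case $port in *[!0-9]*) return 1 ;; esac
        [ ${#port} -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
        filt="${filt:+$filt and }port $port"
    fi
    [ -n "$filt" ] || return 1
    printf '%s\n' "$filt"
}

# capture IFACE COUNT FILE PROTO SRC DST PORT: write a pcap, then read it back.
capture() {
    filter=$(build_filter "$4" "$5" "$6" "$7") || { echo "bad filter input" >&2; return 2; }
    # Captures contain payload data, so create the file owner-readable only.
    ( umask 077 && tcpdump -n -i "$1" -c "$2" -w "$3" "$filter" ) || return 1
    tcpdump -n -r "$3"
}
# Usage (needs root): capture eth0 20 tcpanalyze.pcap tcp 192.0.2.10 "" 80
```
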

That’s it, Thanks for reading! I hope it was informative for you! 






