tcpdump is a command-line tool for capturing network traffic. It lets you capture and analyze the packets sent and received on a network interface.

Syntax: tcpdump -nn -X -v -s0 -i eth0   (-nn: no host or port name resolution, -X: hex and ASCII dump of each packet, -v: verbose output, -s0: capture full packets rather than a truncated snapshot, -i eth0: listen on interface eth0)

Simpler syntax for quick reading and analysis:

tcpdump -nn -s0 -i eth0


Examples of how to use it:

  1. Basic usage: this starts capturing packets on the first network interface.

    tcpdump
    
  2. Capture packets on a specific interface: to capture packets on a particular interface, use the -i option. In the example below, we are capturing packets on the eth0 interface.

    tcpdump -i eth0
    
  3. Capture packets to/from a specific IP address: you can capture packets to or from a specific IP address by placing src (source) or dst (destination) before the IP. Here's how to capture packets coming from 192.168.1.1.

    tcpdump src 192.168.1.1
    

    Or packets going to 192.168.1.1.

    tcpdump dst 192.168.1.1
    
  4. Capture a specific number of packets: the -c option lets you specify how many packets to capture before tcpdump exits. For instance, if you only want to capture 10 packets, you can do:

    tcpdump -c 10
    
  5. Capture packets on a specific port: to capture packets on a particular port, specify the port number. This example captures packets whose source or destination port is 80.

    tcpdump port 80
    
  6. Write output to a file: the -w option writes the raw packet data to a file (pcap format) instead of printing it on the console.

    tcpdump -w output.pcap
    
  7. Read from a file: the -r option reads packets from a previously saved file instead of capturing live data.

    tcpdump -r output.pcap
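The -w / -r pair above works on the classic pcap file format, and the src / dst / port expressions are evaluated per packet before a packet is counted against -c. The following Python script is an added example, not part of the original page and not tcpdump's own code: it writes a small pcap file from constructed Ethernet/IPv4/TCP frames (IP and TCP checksums are left at zero, so these are not valid on a real wire), reads it back, and applies a tiny subset of tcpdump's filter syntax (src, dst, host, port, joined by "and") together with a packet-count limit and a snapshot length. The function names (build_frame, write_pcap, read_pcap, decode, matches, filter_capture, demo) and the sample addresses are all assumptions made for this example.

```python
import os
import socket
import struct
import tempfile

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap magic, microsecond timestamps
LINKTYPE_ETHERNET = 1
DEFAULT_SNAPLEN = 262144     # what tcpdump -s0 means on current releases


def build_frame(src_ip, dst_ip, src_port, dst_port, payload=b""):
    """Constructed Ethernet/IPv4/TCP SYN frame; checksums are zero (example only)."""
    eth = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00"            # dst MAC, src MAC, EtherType IPv4
    total_len = 20 + 20 + len(payload)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                         socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    tcp_hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip_hdr + tcp_hdr + payload


def write_pcap(path, frames, snaplen=DEFAULT_SNAPLEN):
    """Write frames as a pcap file, truncating each to snaplen like tcpdump -s."""
    with open(path, "wb") as f:
        f.write(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
        for i, frame in enumerate(frames):
            captured = frame[:snaplen]
            # record header: ts_sec, ts_usec, captured length, original length
            f.write(struct.pack("<IIII", 1_700_000_000 + i, 0, len(captured), len(frame)))
            f.write(captured)


def read_pcap(path):
    """Yield (ts_sec, ts_usec, frame_bytes) records from a classic pcap file."""
    with open(path, "rb") as f:
        header = f.read(24)
        if len(header) < 24 or struct.unpack("<I", header[:4])[0] != PCAP_MAGIC:
            raise ValueError("not a little-endian classic pcap file")
        while True:
            rec = f.read(16)
            if len(rec) < 16:
                break
            ts_sec, ts_usec, incl_len, _orig_len = struct.unpack("<IIII", rec)
            yield ts_sec, ts_usec, f.read(incl_len)


def decode(frame):
    """Return (src_ip, src_port, dst_ip, dst_port) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None                                  # not IPv4, or too short (truncated)
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 6 or len(ip) < ihl + 4:
        return None                                  # not TCP, or TCP ports cut off
    src, dst = socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20])
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    return src, sport, dst, dport


def matches(pkt, expr):
    """Evaluate a small subset of tcpdump filter syntax: src/dst/host/port joined by 'and'."""
    if not expr.strip():
        return True                                  # empty expression matches everything
    src, sport, dst, dport = pkt
    for clause in expr.split(" and "):
        kind, value = clause.split()
        if kind == "src" and src != value:
            return False
        if kind == "dst" and dst != value:
            return False
        if kind == "host" and value not in (src, dst):
            return False
        if kind == "port" and int(value) not in (sport, dport):
            return False
    return True


def filter_capture(path, expr="", count=None):
    """Mimic 'tcpdump -r path [-c count] expr': decode, filter, then stop after count matches."""
    out = []
    for _sec, _usec, frame in read_pcap(path):
        pkt = decode(frame)
        if pkt is None or not matches(pkt, expr):
            continue
        out.append(pkt)
        if count is not None and len(out) >= count:
            break
    return out


def demo(snaplen=DEFAULT_SNAPLEN):
    """Write four constructed frames to a temporary output.pcap and count filter hits."""
    frames = [
        build_frame("192.168.1.1", "10.0.0.5", 51000, 80, b"GET / HTTP/1.1\r\n"),
        build_frame("10.0.0.5", "192.168.1.1", 80, 51000),
        build_frame("192.168.1.7", "10.0.0.9", 52000, 443),
        build_frame("192.168.1.1", "10.0.0.5", 51001, 22),
    ]
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "output.pcap")
        write_pcap(path, frames, snaplen)
        return {
            "all": len(filter_capture(path)),
            "src": len(filter_capture(path, "src 192.168.1.1")),
            "dst": len(filter_capture(path, "dst 192.168.1.1")),
            "port80": len(filter_capture(path, "port 80")),
            "port80_c1": len(filter_capture(path, "port 80", count=1)),
            "combined": len(filter_capture(path, "src 192.168.1.1 and port 80")),
        }


if __name__ == "__main__":
    print(demo())
```

Running demo() with the default snapshot length gives 4 packets for an empty filter, 2 for "src 192.168.1.1", 1 for "dst 192.168.1.1", 2 for "port 80", 1 when that is combined with a count of 1, and 1 for the combined src-and-port expression. Calling demo(snaplen=20) shows why the -s0 in the syntax line matters: every record is cut off before the TCP ports, decode() returns None, and every filter count drops to 0 even though the file still holds four records.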