/var/net/sys/admin/blog
| More

Important note to remember:
a. capture it in full length, using the -s 0 options
b. save it in a file, better to make the extension as .pcap so wireshark can associate directly

1.Identify which interface you want to listen to

[root@freelinux tmp]# ifconfig 

eth0 Link encap:Ethernet HWaddr 08:00:27:72:24:E6
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe72:24e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:942 errors:0 dropped:0 overruns:0 frame:0
TX packets:612 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:78095 (76.2 KiB) TX bytes:198882 (194.2 KiB)
Interrupt:10 Base address:0xd020

2. Run “tcpdump” command with the following options. For instance, you want to monitor the DNS packets.Run:

tcpdump -ni eth0 -Xvvv -w freelinux.pcap -s 0 port 53 

[root@freelinux tmp]# tcpdump -ni eth0 -Xvvv -w freelinux.pcap -s 0 port 53
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
2657 packets captured
2938 packets received by filter
0 packets dropped by kernel

Verify:

# ls -l /tmp
-rw-r--r-- 1 root wheel 1386926 Sep 24 14:39 freelinux.pcap

where as:

-s 0 –> capture byte to its maximum (65535) or it’s full lenght
-ni –> listen on which interface. Then -n option is used so not to convert host addresses to names.
-w –> create the file
port –> to indicate the port number, e.g. 53 which pertains to dns
-X –> Print each packet (minus its link level header) in hex and ASCII
-vvv –> Even more verbose output

Other samples:
[root@freelinux tmp]# tcpdump -ni eth0 -Xvvv -w freelinux.pcap -s 0 portrange 67-68
[root@freelinux tmp]# tcpdump -ni eth1 -s0 -w hostlinux.pcap host 8.8.8.8 &

Note: you can do Ctrl+C to terminate the task, or if run in background, kill the process if finished as it will consume some hard disk space and some CPU resources.

3. Now open the wireshark program. It’s a GUI-based program, so viewing is easier and flexible.

Enjoy!

8 Responses to “Quick Tip: Use tcpdump in Linux to capture network packets and view in wireshark”

  1. Linux Topics – Tutorials « Zeeshan Ahmad Bhatti

    on December 29 2012

    […] Quick Tip: Use tcpdump in Linux to capture network packets and view in wireshark […]

  2. Romain

    on May 14 2013

    I’ll try this. This will be really useful.

    Thx

  3. Φθηνά καράβια

    on August 13 2017

    Very good blog! Do you have any helpful hints for aspiring
    writers? I’m hoping to start my ownn website soon but I’m a ittle lost oon everything.
    Would you recommend starting with a free platform like
    Wordpress orr go for a paid option? There are so many options out there thst I’m completely confused ..
    Any ideas? Kudos!

  4. Πακέτο διακοπών για Ρώμη

    on August 22 2017

    Hello my friend! I want to say that this articlle is
    awesome, nice written and come with almost all significant infos.
    I would like to look extra posts like this .

  5. Πακέτο διακοπών για Ρώμη

    on July 27 2018

    Hi, always i used to check weblog posts here early in the dawn,for the reason that
    i likme to find out more and more.

  6. Κέρκυρα Ανκόνα

    on December 1 2018

    An outstanding share! I have just forwarded this onto a co-worker who wass
    doing a little researfch on this. Andd he in fact ordered me lunch because I stumbled upon it for him…
    lol. So allow me to reword this…. Thanks for tthe meal!!
    But yeah, thanx for spending the time to discuss this subjkect here on your blog.

  7. Jenifer

    on December 18 2018

    There is certainly a lot to know about this topic.
    I love all of tthe poits you made.

  8. igoumenitsa ancona

    on February 4 2019

    I’m amazed, I must say. Rafely do I encounter a blog that’s equally educative and interesting, and without a
    doubt, you have hit the nail on thhe head. The problem iis
    soomething which too few men and women are speaking ihtelligently about.
    I’m very happy I found this during my seaarch for something relating to this.

Comment RSS · TrackBack URI

Leave a comment

Name: (Required)

E-mail: (Required)

Website:

Comment:

 

About FLT

This site is dedicated to everyone who likes to learn and explore the beautiful world of Linux. If you have comments and suggestions, please feel free to email at freelinuxtutorials@gmail.com. I am happy to serve and share things esp. that is free and enjoyable as Linux.