How to perform a tcpdump on Redhat Linux

Article ID: 133041

Products

CA Spectrum DX NetOps

Issue/Introduction

Steps to run a TCPDUMP on Redhat Linux

Environment

Red Hat Linux Enterprise and CentOS

Resolution

If the tcpdump utility is not already installed, install it from the standard repositories with yum (on RHEL 8 and later, yum is an alias for dnf and the same command works). Installing and capturing both require root, so run these commands as root or with sudo:

yum install tcpdump

To run tcpdump and capture all traffic, inbound and outbound, on every interface of the server:

tcpdump -i any -w /tmp/capture.pcap

This listens on ANY interface, on ALL ports and protocols, and writes the raw packets to the file /tmp/capture.pcap. Nothing is printed to the terminal while writing to a file, so a quiet screen does not mean nothing is being captured. To stop the capture at any time, press Ctrl-C (^C) in the shell where tcpdump is running; on exit it reports how many packets were captured and how many were dropped by the kernel, which is the first thing to check if the capture looks incomplete. Capturing needs root (or the CAP_NET_RAW capability). Two caveats: the file grows for as long as the capture runs and holds the full payload of every packet, including any clear-text credentials or SNMP community strings, so keep it only as long as the case needs it (for long-running captures, -C <MB> -W <count> rotates through a fixed number of files instead of filling the disk); and with -i any the kernel delivers "cooked" frames, so the file carries a Linux SLL/SLL2 header instead of an Ethernet header, which Wireshark reads fine but which does not preserve VLAN tags or per-interface MAC details.

A BPF filter expression can also be applied to narrow the capture to a single port. Options such as -i and -w belong before the filter; everything after them is the filter expression. For example, to keep only port 8080 traffic (this matches TCP and UDP, as source or destination port):

tcpdump -i any -w /tmp/capture.pcap port 8080

Or to narrow it down to SNMP traps arriving on the trap port (UDP 162 by default) of the SpectroSERVER:

tcpdump -i any -w /tmp/capture.pcap udp dst port 162

To confirm afterwards that traps actually arrived, read the file back without name resolution: tcpdump -nr /tmp/capture.pcap

However, for most issues relating to Broadcom products an unfiltered capture (ANY interface, ALL ports) is the most helpful, because a filter applied at capture time cannot be undone if the relevant traffic turns out to be on another port, whereas the full capture can always be filtered down afterwards in Wireshark.
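The file written by -w contains raw packets, so its contents can be checked on the server itself before it is sent anywhere. The following script is an added example, not part of this article or of any Broadcom tool: it reads a classic pcap file (tcpdump writes classic pcap, not pcapng), strips the link-layer header that tcpdump prepends (Ethernet for -i eth0, the Linux "cooked" SLL or SLL2 header for -i any) and counts IPv4 TCP/UDP flows, optionally restricted to one protocol and destination port, which is the after-the-fact equivalent of the udp dst port 162 filter above. The addresses, ports and packets in build_sample_pcap() are constructed in memory for demonstration and do not come from a real SpectroSERVER; the script name pcap_flows.py used in the usage note is an assumption.

```python
import socket
import struct
from collections import Counter

# Link types seen in captures on RHEL/CentOS (values from libpcap's DLT list).
LINKTYPE_ETHERNET = 1      # tcpdump -i eth0 ...
LINKTYPE_LINUX_SLL = 113   # tcpdump -i any ... (libpcap < 1.10, Linux "cooked" header)
LINKTYPE_LINUX_SLL2 = 276  # tcpdump -i any ... (libpcap >= 1.10)
IPPROTO_NAMES = {6: "tcp", 17: "udp"}


def pcap_records(data):
    """Yield (ts_sec, link_type, frame) for each record of a classic pcap file."""
    if len(data) < 24:
        raise ValueError("truncated pcap global header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in (0xA1B2C3D4, 0xA1B23C4D):     # little-endian writer (x86_64 RHEL)
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):   # big-endian writer
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    link_type = struct.unpack(end + "I", data[20:24])[0]
    off = 24
    while off + 16 <= len(data):
        ts_sec, _frac, incl_len, _orig_len = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + incl_len]
        if len(frame) < incl_len:             # last record cut short by Ctrl-C: keep what we have
            break
        off += 16 + incl_len
        yield ts_sec, link_type, frame


def ip_payload(link_type, frame):
    """Strip the link-layer header and return (ethertype, remaining bytes)."""
    if link_type == LINKTYPE_ETHERNET:
        proto, hdr = struct.unpack("!H", frame[12:14])[0], 14
        if proto == 0x8100:                   # 802.1Q tag: real ethertype is 4 bytes later
            proto, hdr = struct.unpack("!H", frame[16:18])[0], 18
    elif link_type == LINKTYPE_LINUX_SLL:     # 16-byte header, protocol in the last 2 bytes
        proto, hdr = struct.unpack("!H", frame[14:16])[0], 16
    elif link_type == LINKTYPE_LINUX_SLL2:    # 20-byte header, protocol in the first 2 bytes
        proto, hdr = struct.unpack("!H", frame[0:2])[0], 20
    else:
        raise ValueError("unsupported link type %d" % link_type)
    return proto, frame[hdr:]


def parse_ipv4(pkt):
    """Return (src, dst, proto_name, dst_port) for an IPv4 TCP/UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                 # IP header length in bytes (options included)
    proto = pkt[9]
    if proto not in IPPROTO_NAMES or len(pkt) < ihl + 4:
        return None
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20]), IPPROTO_NAMES[proto], dport


def summarize(data, proto=None, dst_port=None):
    """Count flows in a pcap; proto/dst_port mimic a 'udp dst port 162' filter after the fact."""
    flows = Counter()
    for _ts, link_type, frame in pcap_records(data):
        ethertype, pkt = ip_payload(link_type, frame)
        if ethertype != 0x0800:               # IPv4 only for this example
            continue
        parsed = parse_ipv4(pkt)
        if parsed is None:
            continue
        if (proto and parsed[2] != proto) or (dst_port and parsed[3] != dst_port):
            continue
        flows[parsed] += 1
    return flows


def _ipv4_packet(src, dst, proto, sport, dport, payload=b""):
    """Constructed IPv4 + TCP/UDP packet (checksums left zero; enough for parsing)."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + l4


def build_sample_pcap():
    """Constructed capture as 'tcpdump -i any -w' writes it with a modern libpcap
    (link type 276, SLL2): one SNMP trap, one SNMP poll and one TCP SYN to port 8080."""
    packets = [
        _ipv4_packet("10.0.0.5", "10.0.0.1", 17, 50000, 162, b"\x30\x00"),  # trap to SpectroSERVER
        _ipv4_packet("10.0.0.1", "10.0.0.5", 17, 50001, 161, b"\x30\x00"),  # poll from SpectroSERVER
        _ipv4_packet("10.0.0.9", "10.0.0.1", 6, 40000, 8080),               # TCP SYN to port 8080
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, LINKTYPE_LINUX_SLL2)
    for i, pkt in enumerate(packets):
        sll2 = struct.pack("!HHIHBB8s", 0x0800, 0, 2, 1, 0, 6, b"\x00" * 8)  # proto, rsvd, ifindex, ARPHRD, pkttype, addrlen, addr
        frame = sll2 + pkt
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    for flow, n in sorted(summarize(data, proto="udp", dst_port=162).items()):
        print("%-12s -> %-12s %s/%d  %d packet(s)" % (flow[0], flow[1], flow[2], flow[3], n))
```

Run as python3 pcap_flows.py /tmp/capture.pcap to list which hosts sent traps to port 162 and how many; without an argument it runs against the constructed sample. Reading the file in chunks rather than whole would be needed for multi-gigabyte captures, and a pcapng file (for example one re-saved from Wireshark) needs a different reader.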