
How to capture network traffic using tcpdump?


Article ID: 94804


Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction

This document describes one option to capture the network traffic using tcpdump command in a Linux environment.

How to capture network traffic using tcpdump?

Environment

Any Linux based system.

Resolution

Here is a sample tcpdump command used to capture network traffic on your Linux system (tcpdump needs root, or the CAP_NET_RAW capability, to open the interface, hence the # prompt):
# tcpdump -i <INTERFACE> -s 65535 -w mypcap.pcap 

-i selects the network interface to listen on. If this option is omitted, tcpdump picks the lowest-numbered configured, non-loopback interface that is up (often, but not necessarily, eth0). Use "tcpdump -D" to list the interfaces tcpdump can see, or -i any to capture on all of them.
-s sets the snapshot length, i.e. the number of bytes captured from each packet. 65535 keeps every byte of a normal-sized frame; a smaller value truncates packets in the file, and Wireshark will then report "Packet size limited during capture" and be unable to decode the cut-off part. Recent tcpdump releases already default to a snapshot length of 262144 bytes, so -s mainly matters on older versions.
-w writes the raw packets to the file mypcap.pcap instead of decoding them to the terminal. An existing file of that name is overwritten.

With the command above you save the traffic to a PCAP file, which you can then open in Wireshark and filter as needed. You can also filter at capture time: everything after the options is a BPF filter expression, and tcpdump only records packets that match it. To target packets from a particular source or destination IP address, use

# tcpdump src <SOURCE_IP_ADDRESS>

# tcpdump dst <DESTINATION_IP_ADDRESS>

Expressions can be combined with and/or, for example "host <IP_ADDRESS> and port 443". Put the filter expression last, after all options, so that it is not mistaken for an option value. So, for example, you can run the following:

# tcpdump -i <INTERFACE> -s 65535 -w mypcap.pcap src <SOURCE_IP_ADDRESS> 

When printing to the terminal instead of writing a file, add -n so tcpdump does not resolve addresses to names; otherwise its own DNS lookups can slow the output and show up in the capture.
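To see what a file written with -w actually contains, and why the -s snapshot length matters, here is an added Python example; it is not part of this article or of tcpdump. It builds a small file in the same classic pcap format tcpdump -w produces, from two constructed Ethernet/IPv4 frames with made-up addresses, then reads it back and applies the equivalent of the "src <IP>" filter, flagging packets that were truncated by the snapshot length. All names, addresses and lengths in it are illustrative assumptions.

```python
import socket
import struct

# Classic (libpcap) file format, microsecond timestamps, little-endian.
PCAP_MAGIC_LE = 0xA1B2C3D4
PCAP_MAGIC_BE = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1


def ipv4_frame(src, dst, payload, proto=6):
    """Constructed Ethernet + IPv4 frame (zeroed MACs, no checksum); test data only."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # dst MAC, src MAC, EtherType IPv4
    ip = struct.pack("!BBHHHBBH4s4s",
                     0x45, 0, 20 + len(payload), 0, 0,    # ver/IHL, TOS, total length, id, flags
                     64, proto, 0,                         # TTL, protocol, checksum (left zero)
                     socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + payload


def build_pcap(frames, snaplen):
    """Serialise (ts_sec, ts_usec, frame) tuples the way 'tcpdump -s <snaplen> -w' would:
    each record stores the truncated bytes plus the original on-the-wire length."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for ts_sec, ts_usec, frame in frames:
        captured = frame[:snaplen]
        out += struct.pack("<IIII", ts_sec, ts_usec, len(captured), len(frame)) + captured
    return out


def read_pcap(data):
    """Yield (timestamp, caplen, origlen, frame) for each record, honouring byte order."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC_LE:
        end = "<"
    elif magic == PCAP_MAGIC_BE:
        end = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng needs a different reader)")
    _, _, _, _, _snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, caplen, origlen = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        frame = data[off:off + caplen]
        if len(frame) != caplen:
            raise ValueError("truncated record at end of file")
        off += caplen
        yield ts_sec + ts_usec / 1e6, caplen, origlen, frame


def filter_src(data, src_ip):
    """Offline equivalent of the BPF filter 'src host <src_ip>' (Wireshark: ip.src == ...).
    Frames cut short of the IPv4 header by the snapshot length cannot be matched."""
    hits = []
    for ts, caplen, origlen, frame in read_pcap(data):
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":   # need full Ethernet + IPv4 header
            continue
        if socket.inet_ntoa(frame[26:30]) == src_ip:          # IPv4 source address offset 26
            hits.append({"ts": ts, "caplen": caplen, "len": origlen,
                         "truncated": caplen < origlen})
    return hits


# Constructed sample traffic: a 100-byte request from 10.0.0.5 and a short reply.
SAMPLE_FRAMES = [
    (1700000000, 0,   ipv4_frame("10.0.0.5", "10.0.0.1", b"A" * 100)),
    (1700000000, 500, ipv4_frame("10.0.0.1", "10.0.0.5", b"B" * 10)),
]

if __name__ == "__main__":
    for snaplen in (65535, 64, 20):
        hits = filter_src(build_pcap(SAMPLE_FRAMES, snaplen), "10.0.0.5")
        print(f"-s {snaplen}: {hits}")
```

With the full snapshot length the 134-byte frame from 10.0.0.5 is stored intact; with -s 64 the same frame is kept but flagged as truncated (only 64 of 134 bytes), and with -s 20 the IPv4 header itself is cut off, so the filter cannot match it at all. That is the behaviour behind the advice to keep -s large when the capture will be analysed later in Wireshark.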

Additional Information

For more information regarding TCPDUMP:
https://www.tcpdump.org/tcpdump_man.html