tcpdump - dump traffic on a network

Tcpdump prints out a description of the contents of packets on a network interface that match the boolean expression. It can also be run with the -w flag, which causes it to save the packet data to a file for later analysis, and/or with the -r flag, which causes it to read from a saved packet file rather than to read packets from a network interface. In all cases, only packets that match expression will be processed by tcpdump.


root@u12:~# tcpdump -nnvvXS -c2 port 80

Don’t convert host addresses to names. This can be used to avoid DNS lookups.

Don’t convert protocol and port numbers etc. to names either.

Even more verbose output. For example, additional fields are printed from NFS reply packets, and SMB packets are fully decoded.

When parsing and printing, in addition to printing the headers of each packet, print the data of each packet (minus its link level header) in hex and ASCII. This is very handy for analysing new protocols.

Print absolute, rather than relative, TCP sequence numbers.

Comments are closed.