🌐 Networking, March 3, 2026

Linux Command: tcpdump

Capture and analyze network traffic

Terminal — Networking
Command
$ sudo tcpdump -n port 80 -c 50
Output
Captures 50 packets on port 80 without DNS resolution.

tcpdump captures and displays network packets in real time. It is the most widely used command-line packet analyzer, essential for network troubleshooting, protocol analysis, and security monitoring. tcpdump captures raw packets from network interfaces and can filter by protocol, port, host, and many other criteria. Captures can be saved to .pcap files for later analysis with Wireshark. tcpdump requires root privileges because it opens the network interface for raw packet capture and, by default, puts it into promiscuous mode. It is one of the most powerful networking debugging tools available.

Syntax

tcpdump [OPTION]... [EXPRESSION]

Common Examples

  • sudo tcpdump -n port 80 -c 50 — Captures 50 packets on port 80 without DNS resolution.
  • sudo tcpdump -n host 192.168.1.100 — Shows all traffic to/from a specific IP.
  • sudo tcpdump -w /tmp/capture.pcap -c 1000 — Captures 1000 packets and saves for analysis in Wireshark.
  • sudo tcpdump -n port 53 — Captures DNS query and response packets.
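
A file saved with -w can also be inspected without Wireshark. The following added example (not part of the original tip) reads the classic pcap layout that tcpdump writes and applies a simplified version of the `port N` match to IPv4 TCP/UDP frames; the function names and the two-packet sample capture are constructed for illustration.

```python
import struct

# On-disk magic -> struct byte order (last two are the nanosecond-timestamp variant)
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",
          b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">"}

def read_pcap(data):
    """Yield (ts_sec, orig_len, frame) for each record of a classic pcap file."""
    order = MAGICS.get(data[:4])
    if order is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(order + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled")
    off = 24                                   # records follow the 24-byte global header
    while off + 16 <= len(data):
        ts_sec, _frac, caplen, origlen = struct.unpack(order + "IIII", data[off:off + 16])
        off += 16
        if off + caplen > len(data):
            break                              # truncated last record (capture interrupted)
        yield ts_sec, origlen, data[off:off + caplen]
        off += caplen

def ports(frame):
    """Return (proto, sport, dport) for IPv4 TCP/UDP over Ethernet, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4           # IP header length comes from the IHL field
    proto = frame[23]
    fragment_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if proto not in (6, 17) or fragment_offset or len(frame) < l4 + 4:
        return None                            # later fragments carry no port numbers
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return ("tcp" if proto == 6 else "udp"), sport, dport

def filter_port(data, port):
    """Mimic the expression `port N`: match on source or destination port."""
    return [p for _, _, f in read_pcap(data) if (p := ports(f)) and port in p[1:]]

def _frame(proto, sport, dport):               # constructed sample frame, zero checksums
    eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     bytes([192, 168, 1, 100]), bytes([192, 168, 1, 1]))
    return eth + ip + struct.pack("!HHI", sport, dport, 0)

def sample_pcap():                             # constructed two-packet capture
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (_frame(6, 51000, 80), _frame(17, 40000, 53)):
        out += struct.pack("<IIII", 1700000000, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(filter_port(sample_pcap(), 80))
```

To run it against a real capture, pass the bytes of the saved file to filter_port in place of sample_pcap().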
