Saving Linux tcpdump captures to a file

Capturing all packets on an interface

#tcpdump -i <interface> -w <filename>.pcap

Example:

#tcpdump -i eth1 -w capture.pcap

Limiting captures to number of packets

#tcpdump -i <interface> -c <count> -w <filename>.pcap

Example:

#tcpdump -i eth1 -c 1000 -w capture.pcap

Capturing only packets with a given destination IP

#tcpdump -i <interface> -c <count> -w <filename>.pcap dst <ip>

Example:

#tcpdump -i eth1 -c 1000 -w capture.pcap dst 192.168.1.120

Capturing packets with destination port

#tcpdump -i <interface> -c <count> -w <filename>.pcap dst port <port>

Example:

#tcpdump -i eth1 -c 1000 -w capture.pcap dst port 80

Capturing packets where host is the source or destination

#tcpdump -i <interface> -c <count> -w <filename>.pcap host <host>

Example:

#tcpdump -i eth1 -c 1000 -w capture.pcap host 192.168.1.120

 

These files can later be opened in Wireshark or any other IP packet analyzer that supports .pcap files.
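To check that a saved file really holds what the -c count and dst filter were meant to capture, the following added example (not part of the original post) reads a classic .pcap file directly and tallies IPv4 destination addresses. The function names and the embedded three-packet sample are constructed for illustration, and the code assumes an Ethernet link type with untagged IPv4 frames.

```python
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed sample: little-endian pcap with three Ethernet/IPv4 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)  # global header
    for i, dst in enumerate([(192, 168, 1, 120), (192, 168, 1, 120), (10, 0, 0, 5)]):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"  # dst MAC, src MAC, EtherType IPv4
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, i, 0, 64, 6, 0,  # checksum left 0
                         bytes((192, 168, 1, 10)), bytes(dst))
        frame = eth + ip
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

def summarize_pcap(data):
    """Return (packet_count, truncated_count, Counter of IPv4 destination addresses)."""
    if len(data) < 24:
        raise ValueError("too short for a pcap global header")
    magic = data[:4]
    if magic in (b"\xd4\xc3\xb2\xa1", b"\x4d\x3c\xb2\xa1"):    # usec / nsec, little-endian
        endian = "<"
    elif magic in (b"\xa1\xb2\xc3\xd4", b"\xa1\xb2\x3c\x4d"):  # usec / nsec, big-endian
        endian = ">"
    else:
        raise ValueError("not a classic pcap file (pcapng or another format)")
    linktype = struct.unpack(endian + "I", data[20:24])[0]
    count = truncated = 0
    dsts = Counter()
    pos = 24
    while pos + 16 <= len(data):
        _sec, _frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[pos:pos + 16])
        pkt = data[pos + 16:pos + 16 + incl_len]
        if len(pkt) < incl_len:
            break  # file ends mid-record, e.g. the capture was killed while writing
        pos += 16 + incl_len
        count += 1
        truncated += incl_len < orig_len  # snaplen cut this packet short
        # Ethernet (linktype 1) + IPv4: destination address sits at frame bytes 30..33
        if linktype == 1 and len(pkt) >= 34 and pkt[12:14] == b"\x08\x00":
            dsts[".".join(map(str, pkt[30:34]))] += 1
    return count, truncated, dsts

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pcap()
    n, cut, dsts = summarize_pcap(data)
    print(f"{n} packets, {cut} truncated by snaplen")
    for ip, hits in dsts.most_common():
        print(f"{hits:6d}  {ip}")
```

Run it with the capture file as the only argument (for example capture.pcap); with no argument it summarizes the constructed sample.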

[Read More: “Tcpdump usage examples” by rationallyPARANOID]
