Linux tcpdump Guide - ryzendew/Linux-Tips-and-Tricks GitHub Wiki
Linux tcpdump Guide
A beginner-friendly guide to tcpdump on Linux (Arch Linux, CachyOS, and other distributions), covering packet capture, traffic filtering and analysis, and network debugging.
tcpdump Installation
Install tcpdump
Arch/CachyOS:
# Install tcpdump
sudo pacman -S tcpdump
Debian/Ubuntu:
sudo apt install tcpdump
Fedora:
sudo dnf install tcpdump
Verify Installation
Check tcpdump:
# Check version
tcpdump --version
# Check help
tcpdump --help
tcpdump Basics
List Interfaces
View interfaces:
# List interfaces
tcpdump -D
# Or
ip link show
Basic Capture
Capture packets:
# Capture on interface
sudo tcpdump -i eth0
# Capture on any interface
sudo tcpdump -i any
Packet Capture
Save to File
Save packets:
# Save to file
sudo tcpdump -i eth0 -w capture.pcap
# Read from file
tcpdump -r capture.pcap
Limit Packets
Limit capture:
# Capture 100 packets
sudo tcpdump -i eth0 -c 100
# Save and limit
sudo tcpdump -i eth0 -w capture.pcap -c 100
Filtering
Filter by Host
Filter traffic:
# Filter by host
sudo tcpdump -i eth0 host 192.168.1.1
# Filter by source
sudo tcpdump -i eth0 src host 192.168.1.1
# Filter by destination
sudo tcpdump -i eth0 dst host 192.168.1.1
Filter by Port
Port filtering:
# Filter by port
sudo tcpdump -i eth0 port 80
# Filter by port range
sudo tcpdump -i eth0 portrange 20-100
Filter by Protocol
Protocol filtering:
# Filter TCP
sudo tcpdump -i eth0 tcp
# Filter UDP
sudo tcpdump -i eth0 udp
# Filter ICMP
sudo tcpdump -i eth0 icmp
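As an added example that is not part of the wiki page, the shell snippet below does two things with the filter syntax shown above: it composes a BPF expression from host/port/protocol arguments, and it summarises tcpdump's text output by counting TCP SYN packets per destination (useful for spotting scans or unexpected outbound connections). The capture lines are constructed sample data in the format tcpdump prints with `-n`; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not from the wiki. Assumes tcpdump was run with -n so that
# addresses and ports appear as numbers.

# build_filter HOST PORT PROTO: print a BPF expression joining the non-empty
# parts with "and" (e.g. "tcp and host 192.168.1.1 and port 80").
build_filter() {
    host=$1; port=$2; proto=$3
    expr=""
    [ -n "$proto" ] && expr="$proto"
    [ -n "$host" ] && expr="${expr:+$expr and }host $host"
    [ -n "$port" ] && expr="${expr:+$expr and }port $port"
    printf '%s\n' "$expr"
}

# count_syn_by_dst: read "tcpdump -n" output on stdin and count pure SYN
# packets (Flags [S]) per destination "ip:port", most frequent first.
# Line layout: <time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ...
count_syn_by_dst() {
    awk '$2 == "IP" && $7 == "[S]," {
            dst = $5; sub(/:$/, "", dst)          # drop trailing colon
            p = match(dst, /\.[0-9]+$/)           # split last ".port"
            key = substr(dst, 1, p - 1) ":" substr(dst, p + 1)
            n[key]++
         }
         END { for (k in n) print n[k], k }' | sort -k1,1nr -k2,2
}

# Constructed sample capture (six packets from a client at 192.168.1.10).
SAMPLE='12:00:00.000001 IP 192.168.1.10.54321 > 93.184.216.34.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000002 IP 93.184.216.34.80 > 192.168.1.10.54321: Flags [S.], seq 2, ack 2, win 65535, length 0
12:00:00.000003 IP 192.168.1.10.54322 > 93.184.216.34.443: Flags [S], seq 3, win 64240, length 0
12:00:00.000004 IP 192.168.1.10.54323 > 93.184.216.34.443: Flags [S], seq 4, win 64240, length 0
12:00:00.000005 IP 192.168.1.10.54324 > 10.0.0.5.22: Flags [S], seq 5, win 64240, length 0
12:00:00.000006 IP 192.168.1.10.54324 > 10.0.0.5.22: Flags [.], ack 1, win 502, length 0'

echo "filter: $(build_filter 192.168.1.1 80 tcp)"
printf '%s\n' "$SAMPLE" | count_syn_by_dst
# On a live system the same summary comes from:
#   sudo tcpdump -i eth0 -n -l -c 200 tcp | count_syn_by_dst
```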
Troubleshooting
Permission Errors
Use sudo:
# tcpdump needs root (or the CAP_NET_RAW capability) to open an interface
sudo tcpdump -i eth0
# Or add the user to the wireshark group. Note: this group only covers
# Wireshark's dumpcap; to run tcpdump itself without sudo, grant the tcpdump
# binary the cap_net_raw and cap_net_admin capabilities with setcap instead.
# Group changes take effect after logging out and back in.
sudo usermod -aG wireshark $USER
Summary
This guide covered tcpdump installation, packet capture, and network analysis for Arch Linux, CachyOS, and other distributions.
Next Steps
- Network Utilities - Network tools
- nmap Guide - Network scanning
- Networking - Network setup
- tcpdump Documentation:
man tcpdump
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.