
how to read tcpdump output


Posted By: Manny | 1 Replies | Last Reply On: Jul 31, 2017 04:23:17

how to read tcpdump output?

Psychz - Sachin

Votes: 0 | Posted On: Jul 31, 2017 04:23:17
 

 

Tcpdump is a tool used to analyze packets incident on a server. It runs under the command line and is a very useful network tool. It displays the packets (TCP/IP) transmitted or received by a network. Tcpdump is a free tool licensed under the BSD license. You can also write the contents of tcpdump to a file. You will have to install tcpdump before you start using it.

 

Installation

Please run the following commands to install "tcpdump".

Ubuntu/Debian family - apt-get install tcpdump

Centos/RHEL - yum install tcpdump

 

Tcpdump command with options

If you run the Tcpdump command without any options, the tcpdump will start displaying packets indefinitely until you suspend the operation. Here are some of the commonly used options.

 

Translating Hostnames and Ports

tcpdump -n

The "-n" option is used to translate the hostname and ports. Without this option, the output displays hostname which is converted to its corresponding IP address.


A verbose output

tcpdump -v

The "-v" option stands for verbose. When you use the "-v" option, the output is displayed in a verbose manner. You can also use "v" multiple times for an even more verbose output. For example - "tcpdump -vvvv".

 

Specifying the number of packets

tcpdump -c

The "-c" option is used to limit the number of packets to be captured. We can enter the number of packets we want to capture in front of the "-c" option. For example, the following command will capture 20 packets and suspend automatically.

"tcpdump -c 20"

 

Specifying an interface

tcpdump -i 

The "-i" option lets you specify the network interface you want the packets to be captured from. There may be multiple network interfaces in a system. Use the "ifconfig" command to list all the interfaces. For example, the following command will capture the packets of "eth0" interface.

"tcpdump -i eth0"

 

Writing the output to file

tcpdump -w path_of_the_file

The "-w" option lets you write the output of tcpdump to a file which you can save for further analysis.

 

Reading the output from a file

tcpdump -r path_of_the_file

The "-r" option lets you read the output of a file. All you have to do is use the "-r" option with tcpdump command and specify the path of the file you want to read.

 

Capturing by Packet Size

tcpdump -s

The "-s" option enables you to set the size of each packet to be captured. The default packet length is 65535 bytes. For example, the following command will capture the packets up to 100 bytes.

"tcpdump -s 100"


The "tcpdump" contains a variety of commands you can use to analyze the packets thoroughly. Once you have mastered these options, please go to the man page of tcpdump to view more about the command.

 

man tcpdump
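
Added example (not part of the original reply): a small Python parser for the one-line-per-packet text that tcpdump prints in numeric form, for instance when a file saved with "-w" is read back with "-r". It splits each IPv4 line into timestamp, endpoints, TCP flags and payload length; the sample lines are constructed, and the names parse_line and summarize are this example's own.

```python
import re
from collections import Counter

# Constructed sample in tcpdump's numeric text form (documentation addresses, not a real capture).
SAMPLE = """\
10:15:01.000001 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [S], seq 1000, win 64240, options [mss 1460], length 0
10:15:01.000450 IP 198.51.100.5.443 > 192.0.2.10.51514: Flags [S.], seq 2000, ack 1001, win 65160, options [mss 1460], length 0
10:15:01.002000 IP 192.0.2.10.51514 > 198.51.100.5.443: Flags [P.], seq 1:518, ack 1, win 502, length 517
10:15:02.100000 IP 192.0.2.10.40000 > 203.0.113.53.53: 4242+ A? example.com. (29)
10:15:03.000000 ARP, Request who-has 192.0.2.1 tell 192.0.2.10, length 28
"""

# timestamp, "IP", src address.port, ">", dst address.port, ":", protocol detail
LINE = re.compile(r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
                  r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): (?P<rest>.*)$")
FLAG_NAMES = {"S": "SYN", "F": "FIN", "R": "RST", "P": "PSH",
              ".": "ACK", "U": "URG", "E": "ECE", "W": "CWR"}

def parse_line(line):
    """Split one IPv4 line into fields; return None for other lines (ARP, IPv6, ...)."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    pkt["sport"], pkt["dport"] = int(pkt["sport"]), int(pkt["dport"])
    rest = pkt.pop("rest")
    # TCP lines start with "Flags [...]"; each character inside is one flag.
    flags = re.match(r"Flags \[([^\]]+)\]", rest)
    names = flags.group(1) if flags else "none"
    pkt["flags"] = [] if names == "none" else [FLAG_NAMES.get(c, c) for c in names]
    length = re.search(r"length (\d+)$", rest)
    pkt["length"] = int(length.group(1)) if length else None
    return pkt

def summarize(text):
    """Count parsed/skipped lines, payload bytes per direction, and bare SYNs."""
    stats = {"parsed": 0, "skipped": 0, "bytes": Counter(), "syn_only": 0}
    for line in filter(None, text.splitlines()):
        pkt = parse_line(line)
        if pkt is None:
            stats["skipped"] += 1
            continue
        stats["parsed"] += 1
        flow = f'{pkt["src"]}:{pkt["sport"]} > {pkt["dst"]}:{pkt["dport"]}'
        stats["bytes"][flow] += pkt["length"] or 0
        stats["syn_only"] += pkt["flags"] == ["SYN"]
    return stats

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The regular expression covers only IPv4 lines with a port on both sides; anything else is counted as skipped rather than guessed at.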
