tcpdump is a common command line packet analyzer.It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.tcpdump works on most UNIX like operating systems.
#tcpdump –Display standard tcpdump output
#tcpdump -v ,-vv, -vvv –Display more detailed output.
#tcpdump -D –Display available network interfaces for capturing
#tcpdump -n –To display with out resolving host names (Display Ip address)
#tcpdump -nn –To display with out resolving hostnames and ports.
#tcpdump -q –Display quick output
#tcpdump -i eth0 –Capture traffic of interface eth0 only
#tcpdump src 192.168.0.195 and dst 192.168.0.10 and port 8888 – Display traffic through port 8888 from 192.168.0.195 to 192.168.0.10
#tcpdump tcp –Capture tcp traffic.
#tcpdump port http –Capture traffic through http port(80).
#tcpdump -c 50 –Capture 50 packets.
#tcpdump host www.linuxhowto.in – Display packets to or from www.linuxhowto.in.com.
#tcpdump -A –Display the content of captured packets.
#tcpdump -X –print the packet’s contents in both hex and ASCII.
#tcpdump -S –Print absolute sequence numbers along with the output.
#tcpdump -e –Gets Ethernet header also.
#tcpdump -E –Decrypt IPSEC traffic with encryption key.
#tcpdump src 192.168.0.10 –Display traffic from 192.168.0.10
#tcpdump dst 192.168.0.10 –Display traffic to 192.168.0.195
#tcpdump portrange 21-23 –Print the traffic in the specified port range.
#tcpdump less 300 –Display packet size below or greater 300 bytes
#tcpdump greater 300
#tcpdump -w test.log –Capture the packets to a file test.log
#tcpdump -r test.log –To read the captured packets from file test.log
#tcpdump ‘tcp & 16 != 0′ –To capture ACK packets only