Network - tcpdump

Map Of Internet 1973


tcpdump 1) is :

It prints out a description of the contents of packets on a network interface that match a boolean expression



  • Max 10 file of 100 Mb
tcpdump -C 104.8576  -W 10 -i eth0 -s 0 -w /tmp/tcpdump.infa -Z userName 'host hostname and port 1433' &
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes

Sniff email

tcpdump -w /file/name -s 0 'host and port 25'

Stop it with Ctrl-C when done.



tcpdump can always be interrupted by:

  • a SIGINT signal
  • or a SIGTERM signal (typically generated with the kill(1) command)

It will by default run for ever.


  • -w flag to save the output to a packet file
  • -c to specify the number of packet to capture and stop

tcpdump has a log rotate functionality built-in.

Rotate Options:

  • -C file_size is the max file size in millions of bytes (1,000,000 bytes)
  • -G rotate_seconds
  • -W limit the number of files created to the specified number
  • -z postrotate-command - will make tcpdump run postrotate-command file

The first savefile will have the name specified with the -w flag, with a number after it, starting at 1 and continuing upward.


  • the -r flag read from a saved packet file rather than to read packets from a network interface.
  • -V flag read a list of saved packet files.


For the expression syntax, see pcap-filter%287%29


Reading packets from a network interface may require that you have special privileges


  • a time stamp, printed, by default, as hours, minutes, seconds, and fractions of a second since midnight.
  • a description



See Tcptrace to analyze a tcp dump file

Discover More
Map Of Internet 1973
Network - TCP (Transmission Control Protocol)

The Transmission Control Protocol (TCP) is a protocol of the Internet protocol suite (TCP/IP). It originated in the initial network implementation in which it complemented the Internet Protocol (IP)....
Map Of Internet 1973
Network - Trace (Capture|Sniffer|Analyzer) Tool (Packet Analysis)

Network Sniffer records network data unit (ie packet or message) The record can be done by: sniffing SNMP, WMI, proxy or local agents Packet analysis: After being captured, a packet...

Share this page:
Follow us:
Task Runner