Skip to main content

tcpdump

tcpdump helps you sniff and capture packets!

Raw "circular" capture

Do a "circular" capture of raw data in separate files of 200mb each. After the sixth file of 200mb is done getting written, tcpdump will start to overwrite the first file:

sudo tcpdump -w /tmp/capture.cap -C 200 -W 6

Capture only inbound pings

sudo tcpdump -i NETWORKINTERFACENAME icmp and dst host YOUR.LOCAL.IP.ADDRESS

Capture traffic coming in from a single host while excluding ARP and UDP

sudo tcpdump -i eth0 src host 1.2.3.4 and not arp -w capture.pcap -vvv -U

Then to see just the ports that people tried to connect to you on

sudo tcpdump -r 2024-07-16-1741-capture.pcap not udp and not icmp -nn -tttt