How to Filter or Trace Traffic with Tcpdump
Tcpdump is a tool for examining network traffic on a Linux system. The example below captures only ICMP packets on interface 1 (eth1), which shows whether that interface is receiving ICMP requests:
tcpdump -nni eth1 icmp
where eth1 can be changed to match the interface number you want to capture on
where n tells tcpdump not to convert addresses (e.g. host addresses and port numbers) to names
where i specifies the interface on which to listen.
Furthermore, we can filter or trace the network connections on an interface that involve a specific IP address and port, with the commands below:
tcpdump -i eth0 host 172.22.0.14 and port 4000
tcpdump -i eth0 host 172.22.0.19 and port 4400 -n -s 0 -vvv -w /usr/src/dump
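
The last command writes the matching packets to a file with -w instead of printing them. The sketch below is an added example, not part of the original page: it reads such a capture offline and re-applies the same "host ... and port ..." test. It assumes a classic pcap file, Ethernet link type and IPv4 TCP/UDP traffic; the function names and the sample frames are made up for illustration.

```python
import socket
import struct

ENDIAN = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}  # pcap magic as stored on disk

def read_pcap(data):
    """Yield Ethernet frames from classic pcap bytes, the format tcpdump -w writes."""
    endian = ENDIAN.get(data[:4])
    if endian is None:
        raise ValueError("not a microsecond-resolution classic pcap file")
    if struct.unpack(endian + "I", data[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) is handled here")
    offset = 24  # length of the pcap global header
    while offset + 16 <= len(data):
        incl_len = struct.unpack(endian + "I", data[offset + 8:offset + 12])[0]
        yield data[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len

def matches(frame, host, port):
    """Offline equivalent of 'host HOST and port PORT' for IPv4 TCP/UDP frames."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return False  # truncated, or not IPv4
    if struct.unpack("!H", frame[20:22])[0] & 0x1FFF:
        return False  # later fragment: carries no port numbers
    addrs = (socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34]))
    l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IP header length
    if frame[23] not in (6, 17) or host not in addrs or len(frame) < l4 + 4:
        return False
    return port in struct.unpack("!HH", frame[l4:l4 + 4])

def count_matches(data, host, port):
    return sum(matches(f, host, port) for f in read_pcap(data))

# Constructed sample capture (not real traffic) built from minimal frames.
def _frame(src, dst, proto, sport, dport):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, proto, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + struct.pack("!HHHH", sport, dport, 8, 0)

def build_pcap(frames):
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

SAMPLE = build_pcap([
    _frame("172.22.0.19", "172.22.0.1", 6, 4400, 51000),   # matches (source side)
    _frame("172.22.0.1", "172.22.0.19", 17, 53000, 4400),  # matches (destination side)
    _frame("172.22.0.19", "172.22.0.1", 6, 22, 51000),     # right host, wrong port
    _frame("172.22.0.14", "172.22.0.1", 6, 4400, 51000),   # right port, wrong host
])
```

To run it against a real capture, pass the bytes of the file written by -w to count_matches in place of SAMPLE; tcpdump can also read the file back itself with its -r option.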