How to use tcpdump

You can use tcpdump to debug TCP/IP connections.

How it works

In the first console, run tcpdump:

philipp@lion:~$ sudo tcpdump -i lo
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on lo, link-type EN10MB (Ethernet), capture size 96 bytes
09:55:05.968006 IP lion > lion: ICMP echo request, id 5745, seq 1, length 64
09:55:05.968025 IP lion > lion: ICMP echo reply, id 5745, seq 1, length 64
09:55:06.967003 IP lion > lion: ICMP echo request, id 5745, seq 2, length 64
09:55:06.967024 IP lion > lion: ICMP echo reply, id 5745, seq 2, length 64
^C
8 packets captured
16 packets received by filter
0 packets dropped by kernel

In the second console, start any network activity (in this case, a ping to localhost):

philipp@lion:~$ ping 127.0.0.1
PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data.
64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.038 ms
^C
--- 127.0.0.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1998ms
rtt min/avg/max/mdev = 0.038/0.038/0.039/0.004 ms
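
As an added example (not part of the original page), the shell function below reads tcpdump's text output in the format shown above and lists the ICMP echo requests that never received a reply. The function names and the sample capture lines are constructed for illustration.

```shell
# Added example: pair ICMP echo requests with replies in tcpdump text output.
# The sample lines are constructed; seq 2 deliberately has no reply.
sample_capture() {
    cat <<'EOF'
09:55:05.968006 IP lion > lion: ICMP echo request, id 5745, seq 1, length 64
09:55:05.968025 IP lion > lion: ICMP echo reply, id 5745, seq 1, length 64
09:55:06.967003 IP lion > lion: ICMP echo request, id 5745, seq 2, length 64
09:55:07.967010 IP lion > lion: ICMP echo request, id 5745, seq 3, length 64
09:55:07.967031 IP lion > lion: ICMP echo reply, id 5745, seq 3, length 64
EOF
}

# Reads tcpdump text output on stdin and prints "id seq" for every echo
# request without a matching echo reply, in the order the requests appeared.
unanswered_pings() {
    awk '
    / ICMP echo (request|reply),/ {
        id = ""; seq = ""; kind = ""
        for (i = 1; i <= NF; i++) {
            if ($i == "request," || $i == "reply,") kind = $i
            else if (kind != "" && $i == "id")  { id = $(i + 1);  sub(/,$/, "", id) }
            else if (kind != "" && $i == "seq") { seq = $(i + 1); sub(/,$/, "", seq) }
        }
        if (id == "" || seq == "") next    # truncated or malformed line
        key = id " " seq
        if (kind == "request,") {
            if (!(key in seen)) { order[++n] = key; seen[key] = 1 }
        } else {
            answered[key] = 1
        }
    }
    END {
        for (j = 1; j <= n; j++)
            if (!(order[j] in answered)) print order[j]
    }'
}

# Live use: let tcpdump exit on its own with -c so awk reaches its END block:
#   sudo tcpdump -n -c 20 -i lo icmp | unanswered_pings
sample_capture | unanswered_pings
```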

More examples

HTTP traffic on the interface eth1:

sudo tcpdump 'tcp port 80' -i eth1

UDP packets for port 2701 on the interface he-ipv6:

sudo tcpdump 'udp port 2701' -i he-ipv6
