Category: Sniffing & Spoofing. Tags: network traffic analyzer, packet capture, sniffing

tcpdump

tcpdump is a command-line network traffic analyzer that dumps traffic on a network. It examines various packet types including IPv4, IPv6, TCP, UDP, and others.

Description

tcpdump allows users to dump traffic on a network and print out packet headers on a network interface. It supports filtering packets that match specific expressions, making it useful for tracking network problems, detecting attacks, or monitoring network activities.

The tool handles a wide range of protocols such as ICMPv4, ICMPv6, SNMP, AFS, BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS, and many others. This versatility enables detailed inspection of network communications for troubleshooting or security analysis.

tcpdump is lightweight, with an installed size of 1.31 MB, and depends on the libc6, libpcap0.8t64 and libssl3t64 libraries and on systemd components.

How It Works

tcpdump uses libpcap to capture packets from network interfaces. It decodes IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS, BGP, RIP, PIM, DVMRP, IGMP, SMB, OSPF, NFS and other packet types, printing their headers or selecting only the packets that match a filter expression. The packaged version is tcpdump 4.99.6, built against libpcap 1.10.6 (with TPACKET_V3 support) and OpenSSL 3.5.5.

Installation

```bash
sudo apt install tcpdump
```

Flags

-A                                flag listed in usage
-b                                flag listed in usage
-d                                flag listed in usage
-D                                flag listed in usage
-e                                flag listed in usage
-f                                flag listed in usage
-g                                flag listed in usage
-h                                display help (shows usage)
-H                                flag listed in usage
-I                                flag listed in usage
-J                                flag listed in usage
-K                                flag listed in usage
-l                                flag listed in usage
-L                                flag listed in usage
-n                                flag listed in usage
-N                                flag listed in usage
-O                                flag listed in usage
-p                                flag listed in usage
-q                                flag listed in usage
-S                                flag listed in usage
-t                                flag listed in usage
-u                                flag listed in usage
-U                                flag listed in usage
-v                                flag listed in usage
-x                                flag listed in usage
-X                                flag listed in usage
#                                 flag listed in usage

-B size                           set buffer size
-c count                          exit after count packets
--count                           count packets option
-C file_size                      rotate dump files after file_size
-E algo:secret                    decrypt IPsec
-F file                           read filter from file
-G seconds                        rotate dump files every seconds
-i interface                      listen on interface
--immediate-mode                  immediate mode option
-j tstamptype                     set timestamp type
-M secret                         decrypt TCP session
--number                          print packet number
--print                           print option
-Q in|out|inout                   direction filter
-r file                           read from file
-s snaplen                        set snap length
-T type                           packet type interpretation
--version                         print version
-V file                           save annotated packets
-w file                           write to file
-W filecount                      use filecount files
-y datalinktype                   set datalink type
--time-stamp-precision precision  set timestamp precision
--micro                           microsecond timestamps
--nano                            nanosecond timestamps
-z postrotate-command             postrotate command
-Z user                           drop privileges to user

Examples

Display tcpdump help and usage information:
    tcpdump -h

Listen on the specified network interface:
    tcpdump -i interface

Read packets from a capture file:
    tcpdump -r file

Write packets to a capture file:
    tcpdump -w file

Set the snapshot length for packet capture:
    tcpdump -s snaplen

Capture the specified number of packets and exit:
    tcpdump -c count

Filter and dump only packets matching an expression:
    tcpdump expression
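As an added example (not from the kali.org page or the tcpdump project), the following Python script builds a small capture file in the classic libpcap format that `-w` writes, then replays it through `tcpdump -n -r` with a filter expression and counts the packets tcpdump prints. The MAC addresses, IP addresses, ports and payloads are constructed, and `count_matching` returns None when tcpdump is not installed, so the file format code runs anywhere.

```python
import shutil
import struct
import subprocess
import tempfile

LINKTYPE_ETHERNET = 1  # DLT_EN10MB, the default datalink type on Ethernet

def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF

def udp_frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Ethernet II + IPv4 + UDP frame (UDP checksum 0 is permitted over IPv4)."""
    eth = bytes.fromhex("001122334455" "66778899aabb" "0800")  # dst MAC, src MAC, IPv4
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]  # fill checksum field
    return eth + ip + udp

def build_pcap(frames, snaplen: int = 65535) -> bytes:
    """Classic libpcap file as -w writes it: global header, then one record per frame."""
    out = struct.pack("!IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):  # record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack("!IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out

# Constructed sample traffic, not a real capture: an empty DNS query and a syslog line.
SAMPLE_FRAMES = [
    udp_frame("10.0.0.5", "10.0.0.53", 40000, 53, bytes.fromhex("12340100") + bytes(8)),
    udp_frame("10.0.0.5", "10.0.0.9", 40001, 514, b"<13>test: hello"),
]

def count_matching(pcap: bytes, bpf_filter: str):
    """Replay the capture through `tcpdump -n -r file <expression>` and count the
    packets printed (one line each); None if tcpdump is missing or rejects the file."""
    if shutil.which("tcpdump") is None:
        return None
    with tempfile.NamedTemporaryFile(suffix=".pcap") as f:
        f.write(pcap)
        f.flush()
        proc = subprocess.run(["tcpdump", "-n", "-r", f.name, bpf_filter],
                              capture_output=True, text=True)
    return len(proc.stdout.splitlines()) if proc.returncode == 0 else None
```

On a host with tcpdump installed, `count_matching(build_pcap(SAMPLE_FRAMES), "udp port 53")` returns 1, and the same expression syntax is what `tcpdump expression` accepts on a live interface.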
Updated 2026-04-16. Source: kali.org