Linux tcpdump Guide
Mattscreative edited this page Dec 5, 2025 · 2 revisions
Complete beginner-friendly guide to tcpdump on Linux for Arch Linux, CachyOS, and other distributions, covering network packet capture, traffic analysis, and network debugging.
Arch/CachyOS:
# Install tcpdump
sudo pacman -S tcpdump

Debian/Ubuntu:
sudo apt install tcpdump

Fedora:
sudo dnf install tcpdump

Check tcpdump:
# Check version
tcpdump --version
# Check help
tcpdump --help

View interfaces:
# List interfaces
tcpdump -D
# Or
ip link show

Capture packets:
# Capture on interface
sudo tcpdump -i eth0
# Capture on any interface
sudo tcpdump -i any

Save packets:
# Save to file
sudo tcpdump -i eth0 -w capture.pcap
# Read from file
tcpdump -r capture.pcap

Limit capture:
# Capture 100 packets
sudo tcpdump -i eth0 -c 100
# Save and limit
sudo tcpdump -i eth0 -w capture.pcap -c 100

Filter traffic:
# Filter by host
sudo tcpdump -i eth0 host 192.168.1.1
# Filter by source
sudo tcpdump -i eth0 src host 192.168.1.1
# Filter by destination
sudo tcpdump -i eth0 dst host 192.168.1.1

Port filtering:
# Filter by port
sudo tcpdump -i eth0 port 80
# Filter by port range
sudo tcpdump -i eth0 portrange 20-100

Protocol filtering:
# Filter TCP
sudo tcpdump -i eth0 tcp
# Filter UDP
sudo tcpdump -i eth0 udp
# Filter ICMP
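sudo tcpdump -i eth0 icmp

Use sudo:
# Live capture with tcpdump requires root
sudo tcpdump -i eth0
# Or add user to group (the wireshark group applies to Wireshark's dumpcap
# helper; tcpdump itself still needs sudo unless it has been given capture
# capabilities)
sudo usermod -aG wireshark "$USER"

This guide covered tcpdump installation, packet capture, and network analysis for Arch Linux, CachyOS, and other distributions.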
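The host, port and protocol filters shown above can be joined with `and` into a single expression. The following is an added example, not part of the original guide: `build_filter` and `capture_cmd` are hypothetical helper names, and `-nn` (skip name and port resolution) is a tcpdump option the guide does not otherwise use.

```shell
#!/bin/sh
# Added example: combine the guide's protocol, host and port filters into one
# bounded capture command. Helper names are hypothetical.

# build_filter PROTO HOST PORT
# Prints e.g. "tcp and host 192.168.1.1 and port 80". Empty arguments are
# skipped. Values outside a strict whitelist are rejected, so an argument
# cannot carry extra filter keywords or shell metacharacters.
build_filter() {
    proto=$1 host=$2 port=$3 expr=""
    case $proto in
        ""|tcp|udp|icmp) ;;
        *) echo "bad protocol: $proto" >&2; return 1 ;;
    esac
    case $host in
        *[!0-9A-Za-z.:-]*) echo "bad host: $host" >&2; return 1 ;;
    esac
    case $port in
        *[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    for term in "$proto" "${host:+host $host}" "${port:+port $port}"; do
        [ -n "$term" ] || continue
        expr="${expr:+$expr and }$term"
    done
    printf '%s\n' "$expr"
}

# capture_cmd IFACE FILE COUNT FILTER
# Prints the tcpdump command line instead of running it, so it can be reviewed.
#   -nn  no host/port name resolution (the capture triggers no DNS lookups)
#   -c   stop after COUNT packets so the file cannot grow without bound
#   -w   write raw packets to FILE; read it back with: tcpdump -r FILE
# The filter is single-quoted so the shell passes it to tcpdump unchanged.
capture_cmd() {
    printf "sudo tcpdump -i %s -nn -c %s -w %s '%s'\n" "$1" "$3" "$2" "$4"
}

# Sample values taken from the guide's own commands.
capture_cmd eth0 capture.pcap 100 "$(build_filter tcp 192.168.1.1 80)"
```

Capture files can hold credentials and other sensitive payloads, so store `capture.pcap` somewhere only the analyst can read.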
- Network Utilities - Network tools
- nmap Guide - Network scanning
- Networking - Network setup
tcpdump Documentation:
man tcpdump
This guide covers Arch Linux, CachyOS, and other Linux distributions. For distribution-specific details, refer to your distribution's documentation.