How to Get a Packet Capture with tcpdump

You can get tcpdump from http://www.tcpdump.org/ or as a standard package in most Linux distributions.

To capture full-sized packets:

$ tcpdump -i <interface> -s0 -w <some-file>

Specify the correct interface and the name of a file to save to. If you are unsure which interface to use, you can use the following tcpdump command to display the list of available interfaces:

$ tcpdump -D

Use ^C (Ctrl+C) to terminate the capture when you believe you have captured enough packets.

For more information, consult tcpdump's man page:

$ man tcpdump

Provide the resulting capture file (the file you named with -w) to support.
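
Before sending the file, you can confirm that it really holds full-sized packets. The following is an added example, not part of the original article: it reads the classic pcap format that tcpdump -w writes and reports the snapshot length and how many packets were stored shorter than they were on the wire. The function names and the sample captures are constructed for illustration.

```python
import struct
import sys

# Classic pcap magic numbers as they appear on disk -> struct byte-order prefix.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}

def summarize_pcap(data):
    """Report snaplen and how many records were cut short in classic pcap bytes."""
    if len(data) < 24 or data[:4] not in MAGICS:
        raise ValueError("not a classic pcap file")
    order = MAGICS[data[:4]]
    # Global header after the magic: version, timezone, sigfigs, snaplen, link type.
    _maj, _min, _zone, _sig, snaplen, linktype = struct.unpack(order + "HHiIII", data[4:24])
    packets = truncated = 0
    offset, incomplete_tail = 24, False
    while offset < len(data):
        if offset + 16 > len(data):
            incomplete_tail = True   # not even a full record header is left
            break
        _sec, _frac, incl_len, orig_len = struct.unpack(order + "IIII", data[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(data):
            incomplete_tail = True   # file ends mid-record, e.g. copied while still being written
            break
        packets += 1
        truncated += incl_len < orig_len   # stored bytes fewer than bytes on the wire
    return {"snaplen": snaplen, "linktype": linktype, "packets": packets,
            "truncated": truncated, "incomplete_tail": incomplete_tail}

def build_sample(snaplen, records):
    """Constructed sample: little-endian pcap, Ethernet link type, zero-filled packets."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for incl_len, orig_len in records:
        out += struct.pack("<IIII", 0, 0, incl_len, orig_len) + bytes(incl_len)
    return out

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(summarize_pcap(fh.read()))
    else:
        print(summarize_pcap(build_sample(262144, [(60, 60), (1514, 1514)])))
        print(summarize_pcap(build_sample(68, [(60, 60), (68, 1514)])))
```

A non-zero "truncated" count means the capture was taken with a snapshot length smaller than some packets, so it should be repeated with -s0. The script reads the whole file into memory, which is fine for short captures.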
