tcpdump is an amazing command-line tool for network sniffing.

It is an industry standard for capturing and analyzing TCP/IP packets.

The tcpdump tool can be of great help when resolving networking issues.

The packets can be saved to a file and later analyzed.

It is a good idea to run this tool occasionally to keep a watch over your network.

What does the tcpdump output look like?

tcpdump allows you to examine the headers of the TCP/IP packets.

It prints one line for each packet, and the command keeps running until you press Ctrl+C to terminate it.

It includes many options and filters.

Running tcpdump without any options will capture all packets flowing through the default interface.

To see the list of network interfaces available on the system and on which tcpdump can capture packets.

Or

This is especially useful on systems that do not have a command to list interfaces.

To capture packets flowing through a specific interface, use the -i flag with the interface name.

Without the -i flag, tcpdump will pick up the first network interface it comes across.

The -v flag increases the information you see about the packets; -vv gives you even more details.

By default, tcpdump resolves IP addresses to hostnames and also uses service names instead of port numbers.

If DNS is broken or you do not want tcpdump to perform name lookups, use the -n option.

If no filters are applied, all packet headers are displayed.

Commonly used filters are port, host, src, dst, tcp, udp, icmp.

The files used to save the output are in pcap format and have the extension .pcap.

PCAP stands for packet capture.
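To show what a saved capture contains when it is analyzed later, here is an added Python example (not code from the original article or from the tcpdump project) that reads the classic pcap file layout and prints one header summary line per packet. It assumes a little-endian, microsecond-resolution Ethernet capture; the function names are hypothetical and the sample capture is constructed in memory.

```python
import socket
import struct

GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, version major/minor, thiszone, sigfigs, snaplen, linktype
RECORD_HDR = struct.Struct("<IIII")     # ts_sec, ts_usec, captured length, original length
MAGIC_USEC, LINKTYPE_ETHERNET = 0xA1B2C3D4, 1

def read_pcap(data):
    """Yield (timestamp, frame) per record of a little-endian Ethernet pcap."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("too short for a pcap file header")
    magic, _, _, _, _, snaplen, linktype = GLOBAL_HDR.unpack_from(data)
    if magic != MAGIC_USEC or linktype != LINKTYPE_ETHERNET:
        raise ValueError("expected a little-endian, microsecond, Ethernet pcap")
    off = GLOBAL_HDR.size
    while off + RECORD_HDR.size <= len(data):
        sec, usec, caplen, _ = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if caplen > snaplen or off + caplen > len(data):
            raise ValueError("truncated or corrupt packet record")
        yield sec + usec / 1e6, data[off:off + caplen]
        off += caplen

def summarize(frame):
    """Header-only summary line, similar in spirit to tcpdump -n output."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return "non-IPv4 frame"
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    proto = frame[23]
    name = {1: "ICMP", 6: "TCP", 17: "UDP"}.get(proto, f"proto {proto}")
    l4 = frame[14 + (frame[14] & 0x0F) * 4:]  # skip the variable-length IPv4 header
    if proto == 1 and l4:
        name += {8: " echo request", 0: " echo reply"}.get(l4[0], f" type {l4[0]}")
    return f"IP {src} > {dst}: {name}"

def build_sample():
    """Constructed capture: an ICMP echo request and reply (checksums left as zero)."""
    def frame(src, dst, icmp_type):
        icmp = struct.pack("!BBHHH", icmp_type, 0, 0, 1, 1)
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
        return bytes(12) + b"\x08\x00" + ip + icmp
    out = GLOBAL_HDR.pack(MAGIC_USEC, 2, 4, 0, 0, 262144, LINKTYPE_ETHERNET)
    for i, f in enumerate((frame("192.0.2.1", "192.0.2.2", 8), frame("192.0.2.2", "192.0.2.1", 0))):
        out += RECORD_HDR.pack(1700000000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for ts, frame in read_pcap(build_sample()):
        print(f"{ts:.6f} {summarize(frame)}")
```

A file cut off mid-record raises ValueError instead of yielding a partial packet, which matters when a capture was interrupted or copied incompletely.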

The following command saves 10 lines of output on the eth1 interface to icmp.pcap.

This prints the packet contents in ASCII, which can be of help in network troubleshooting.

Also, the -X flag can be used to display output in hex format.

This may not be of much help if the connection is encrypted.