Traffic filtering with TCPDump

TCPDump is one of the most prolifically used network traffic inspection tools used to date. It supports a number of rich information-driven features and just like the rest of the tools discussed in this book, it offers a purely command-line-driven interface. TCPDump allows you to filter network traffic for useful information. Here, we will be covering some basic usage. Later, we will move on to how to use TCPDump to inspect just the traffic you are interested it, and all this will be straight from the comfort of your trusty bash shell.

Getting started with TCPDump

To start off, let's look at the usage specification for TCPDump:

tcpdump [ -AbdDefhHIJKlLnNOpqRStuUvxX ] 
[ -B buffer_size ] [ -c count ] [ -C file_size ...

Get Penetration Testing with the Bash shell now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.