How To Specify Host, Port and Protocol For Tcpdump? – POFTUT


Tcpdump is an everyday tool used by system and network administrators. The most common use cases are simple ones, such as host, port and protocol filters. In this tutorial we will look at how to filter by host, port and protocol in tcpdump. Keep in mind that tcpdump requires administrator or root privileges. We can use the root account or the sudo command to gain root privileges.

Specify Host Name

Tcpdump can resolve host names like regular tools. We can specify the host name, but the host name must be resolvable. In this example we will capture traffic from We will use the host option like below.

Specify IP Address

The IP address of the target can be provided to tcpdump like below. In this example we will capture packets from

Specify Port

We can specify the port number with the port option. This will capture all traffic related to that port number, from both the target and our local system. In this example we want to capture HTTP traffic, whose port number is 80.

Specify Destination Port

We can specify only the destination port number with the dst port option. In this example we will filter on the target's HTTPS port.

Specify Source Port

If we want to troubleshoot the local system, we can specify the local system port with src port and the port number. In this example we will capture the local SMTP port.

Capture HTTP

We can capture HTTP traffic with the following command.

Capture SMTP

We can capture SMTP traffic with the following command. This will provide mail traffic.

Capture HTTPS

We can capture HTTPS traffic with the following command, but keep in mind the data will be encrypted.

Capture DNS

We can capture DNS traffic with the following command.

Capture SSH

We can capture the SSH port with the following command. SSH is an encrypted protocol.

Capture Telnet

We can capture the telnet port with the following command. As telnet is a clear-text protocol, user names and passwords can be sniffed by capturing telnet traffic.

Capture VNC

VNC is a remote desktop protocol mainly used on Linux systems. We can capture the VNC port like below.

Capture RDP

We can capture RDP port like below.
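
The host, port and direction filters from the sections above can be combined in one small shell helper that builds the tcpdump filter expression. This is an added example, not code from the original page. The function names, the sample host example.com and the sample address 192.0.2.10 are assumptions made for illustration; the port numbers are the standard defaults for each service.

```shell
#!/bin/sh
# Added example: build tcpdump filter expressions for the host, port and
# protocol cases in this tutorial. Hosts and addresses below are constructed.

# service_port NAME|NUMBER -> prints the default port for a service name.
service_port() {
    case "$1" in
        http)   echo 80 ;;
        https)  echo 443 ;;
        smtp)   echo 25 ;;
        dns)    echo 53 ;;
        ssh)    echo 22 ;;
        telnet) echo 23 ;;
        vnc)    echo 5900 ;;
        rdp)    echo 3389 ;;
        *[!0-9]*|'') return 1 ;;   # unknown service name
        *) [ "$1" -ge 1 ] && [ "$1" -le 65535 ] && echo "$1" ;;
    esac
}

# build_filter HOST DIRECTION SERVICE -> prints a pcap filter expression.
# HOST is a name or IP ("-" means any host); DIRECTION is any, src or dst.
build_filter() {
    host=$1 dir=$2
    port=$(service_port "$3") || { echo "unknown service: $3" >&2; return 2; }
    case "$dir" in
        any) qual="port" ;;
        src) qual="src port" ;;
        dst) qual="dst port" ;;
        *)   echo "direction must be any, src or dst" >&2; return 2 ;;
    esac
    # Reject hosts containing characters that could add extra filter terms.
    case "$host" in
        -) echo "$qual $port" ;;
        *[!A-Za-z0-9.:-]*|'') echo "invalid host: $host" >&2; return 2 ;;
        *) echo "host $host and $qual $port" ;;
    esac
}

# capture HOST DIRECTION SERVICE [IFACE] -> runs tcpdump (needs root) with the
# built filter passed as a single argument; -n prints numeric addresses.
capture() {
    filter=$(build_filter "$1" "$2" "$3") || return
    sudo tcpdump -n -i "${4:-any}" "$filter"
}

# Print three sample filters without capturing anything.
build_filter example.com any http    # host example.com and port 80
build_filter 192.0.2.10 dst https    # host 192.0.2.10 and dst port 443
build_filter - src smtp              # src port 25
```

Calling `capture example.com any http` starts the actual capture on all interfaces; pass an interface name as the fourth argument to limit it.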

1 Response

  1. 09/10/2019

    […] Tcpdump is packet sniffer for everyday use. There is lot of packet sniffers but tcpdump differs with his general availability and ease of use. Tcpdump use libcap library which is the core library used for packet sniffing. Here we will look general usage examples of packet sniffing. Be aware that to use tcpdump, tcpdump should have enough privilege and security mechanisms like selinux, apparmor should give permission. Captured data is generally written into file with pcap extension. Pcap files can be read and parsed with popular GUI based network tool Wireshark. […]
