How To Specify Host, Port and Protocol For Tcpdump?


Tcpdump is an everyday tool for system and network administrators. In this tutorial we look at its simplest and most common use cases: filtering captured traffic by host, by port and by protocol. Keep in mind that tcpdump needs administrator (root) privileges to capture packets, so run it as root or through sudo.

Specify Host Name

Tcpdump can resolve host names like other network tools, so a host name can be given as long as it is resolvable. The host keyword matches packets where the given host is either the source or the destination. In this example we capture traffic to and from poftut.com.

$ tcpdump host poftut.com

Specify IP Address

An IP address can be given to tcpdump in the same way. In this example we capture packets to and from 192.168.122.10.

$ tcpdump host 192.168.122.10

Specify Port

The port number is given with the port keyword. Combined with host, this captures all traffic on that port between the target and the local system, in either direction. In this example we capture HTTP traffic, which uses port 80. A service name can be given in place of the number; tcpdump looks it up in the system services database (/etc/services), as the later examples show.

$ tcpdump host poftut.com port 80

Specify Destination Port

Only the destination port can be matched with the dst port keyword. In this example we filter packets sent to the target's HTTPS port.

$ tcpdump host poftut.com dst port https

Specify Source Port

If we want to troubleshoot the local system, we can match only the source port with src port followed by a port number or name. In this example we capture traffic whose source port is the local SMTP port.

$ tcpdump host poftut.com src port smtp
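The host, port and src/dst qualifiers above combine into one filter expression. The following is an added example, not a command from the tutorial: a small POSIX sh helper that builds that expression from a host, an optional direction and an optional port, rejecting input that is not a plausible host, direction or port before it is handed to a root shell. The interface name eth0 and the function names are assumptions of this example; the printed command still has to be run as root or via sudo.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: assemble the tcpdump
# filter expression from a host, an optional direction and an optional port.
# Assumes POSIX sh; the printed command still has to run as root or via sudo.

# build_filter HOST [DIRECTION] [PORT]
#   HOST       host name or IP address (the "host" keyword matches either endpoint)
#   DIRECTION  empty, "src" or "dst"; qualifies the port, as in "dst port https"
#   PORT       number 1-65535 or a service name known to /etc/services
# Prints the filter expression; returns 1 and prints a message on bad input.
build_filter() {
    host=$1; dir=${2:-}; port=${3:-}

    [ -n "$host" ] || { echo "build_filter: host is required" >&2; return 1; }
    # letters, digits, dots, dashes and colons (IPv6) only: no shell metacharacters
    case "$host" in
        *[!A-Za-z0-9.:-]*) echo "build_filter: bad host '$host'" >&2; return 1 ;;
    esac

    case "$dir" in
        ""|src|dst) ;;
        *) echo "build_filter: direction must be src or dst" >&2; return 1 ;;
    esac

    filt="host $host"
    if [ -n "$port" ]; then
        case "$port" in
            *[!0-9]*)
                # a service name, which tcpdump resolves through /etc/services
                case "$port" in
                    *[!A-Za-z0-9-]*) echo "build_filter: bad port '$port'" >&2; return 1 ;;
                esac ;;
            *)
                # numeric: length check first so oversized values never reach -lt/-gt
                if [ ${#port} -gt 5 ] || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
                    echo "build_filter: port $port out of range" >&2; return 1
                fi ;;
        esac
        # explicit "and" is equivalent to the juxtaposition used in the tutorial
        filt="$filt and ${dir:+$dir }port $port"
    fi
    printf '%s\n' "$filt"
}

# tcpdump_cmd IFACE HOST [DIRECTION] [PORT]
# Prints the full command. -nn keeps tcpdump from resolving addresses and
# ports in its output, so it adds no DNS lookups of its own to the capture
# and shows the numeric port it actually matched.
tcpdump_cmd() {
    iface=$1; shift
    filt=$(build_filter "$@") || return 1
    printf "tcpdump -nn -i %s '%s'\n" "$iface" "$filt"
}

# Usage: prints   tcpdump -nn -i eth0 'host poftut.com and dst port https'
tcpdump_cmd eth0 poftut.com dst https
```

To execute rather than print the capture, replace the final printf with sudo tcpdump -nn -i "$iface" "$filt"; passing the expression as one quoted argument is what keeps the validated string from being re-split by the shell.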

Capture HTTP

We can capture HTTP traffic with the following command.

$ tcpdump host poftut.com port http

Capture SMTP

We can capture SMTP traffic with the following command. This shows the mail traffic.

$ tcpdump host poftut.com port smtp

Capture HTTPS

We can capture HTTPS traffic with the following command, but keep in mind that the payload will be encrypted.

$ tcpdump host poftut.com port https

Capture DNS

We can capture DNS traffic with the following command. If tcpdump reports that it does not know the dns service name, give the numeric port, 53, instead; many systems list that port under the name domain in /etc/services.

$ tcpdump host poftut.com port dns

Capture SSH

We can capture the SSH port with the following command. SSH is an encrypted protocol, so only connection metadata is visible in the capture.

$ tcpdump host poftut.com port ssh

Capture Telnet

We can capture the telnet port with the following command. As telnet is a clear-text protocol, user names and passwords are visible in captured telnet traffic.

$ tcpdump host poftut.com port telnet

Capture VNC

VNC is a remote desktop protocol mainly used on Linux systems. We can capture the VNC port like below.

$ tcpdump host poftut.com port vnc

Capture RDP

We can capture the RDP port like below.

$ tcpdump host poftut.com port rdp
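Every command in the sections above names the port by service (http, smtp, https, dns, ssh, telnet, vnc, rdp) and therefore depends on that name existing in the system's services database; tcpdump rejects a name it cannot look up, and which names a given system lists varies. The following added example, not part of the tutorial, performs the same lookup in POSIX sh and awk and turns the name into a numeric port primitive so the filter works regardless of /etc/services. The function names and the sample services excerpt are constructed for this example; the default path /etc/services is the real one.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: look up a service name
# the way tcpdump's "port NAME" does, through the services database, and turn
# it into the numeric port so the filter no longer depends on what a given
# system's /etc/services contains. Assumes the standard
# "name port/proto [aliases] # comment" layout and POSIX sh plus awk.

# resolve_service NAME [PROTO] [SERVICES_FILE]
# Prints the port number for NAME (or one of its aliases) over PROTO
# (default tcp); returns 1 if the name is unknown, 2 if the file is unreadable.
resolve_service() {
    name=$1; proto=${2:-tcp}; file=${3:-/etc/services}
    [ -r "$file" ] || return 2
    awk -v n="$name" -v p="$proto" '
        { sub(/#.*/, "") }                 # drop comments
        NF >= 2 && split($2, pp, "/") == 2 && pp[2] == p {
            if ($1 == n) { print pp[1]; found = 1; exit }
            for (i = 3; i <= NF; i++)      # aliases follow the port/proto column
                if ($i == n) { print pp[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$file"
}

# port_expr NAME [PROTO] [SERVICES_FILE]
# Prints a numeric "port N" primitive for the filter, or explains why NAME
# cannot be used (tcpdump would fail on the same lookup).
port_expr() {
    num=$(resolve_service "$@") || {
        echo "port_expr: '$1' is not in ${3:-/etc/services}; use the numeric port instead" >&2
        return 1
    }
    printf 'port %s\n' "$num"
}

# Constructed excerpt in /etc/services layout for a self-contained demo; it is
# not a copy of any real system file. Note that port 53 appears as "domain".
sample_services() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# constructed sample
ssh             22/tcp
smtp            25/tcp          mail
domain          53/tcp                  # Domain Name Server
domain          53/udp
http            80/tcp          www
https           443/tcp
EOF
    printf '%s\n' "$f"
}

# Usage: "port 443" for https, "port 53" for domain over udp, and an error
# for dns, which the sample file (like many real ones) does not list.
f=$(sample_services)
port_expr https tcp "$f"
port_expr domain udp "$f"
port_expr dns tcp "$f" || true
rm -f "$f"
```

Run with no third argument to query the real /etc/services; a name that resolves here is one tcpdump will accept in port NAME, and one that does not should be replaced by the number port_expr would have printed on a system that lists it.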
