Tcpdump is an everyday tool for system and network administrators. Most of the time we only need simple filters such as host, port and protocol. In this tutorial we will look at how to filter by host, port and protocol in tcpdump. Keep in mind that tcpdump requires administrator or root privileges; we can use the root account or the sudo command to gain them.
Specify Host Name
Tcpdump can resolve host names like regular tools, so we can specify a host name as long as it is resolvable. In this example we will capture traffic to or from poftut.com with the host option, like below.
$ tcpdump host poftut.com
Specify IP Address
The IP address of the target can be provided to tcpdump like below. In this example we will capture packets to or from 192.168.122.10.
$ tcpdump host 192.168.122.10
We can specify the port number with the port option. This captures all traffic on that port, on either end of the connection, between the target and our local system. Filter primitives are joined with and. In this example we want to capture HTTP traffic, whose port number is 80.
$ tcpdump host poftut.com and port 80
Specify Destination Port
We can specify only the destination port with the dst port option. In this example we will capture packets whose destination port is https.
$ tcpdump host poftut.com and dst port https
Specify Source Port
If we want to troubleshoot the local system, we can specify the source port with src port followed by the port number or service name. In this example we will capture packets whose source port is the smtp port.
$ tcpdump host poftut.com and src port smtp
We can capture HTTP traffic with the following command.
$ tcpdump host poftut.com and port http
We can capture SMTP traffic with the following command. This will show mail traffic.
$ tcpdump host poftut.com and port smtp
We can capture HTTPS traffic with the following command, but keep in mind that the payload is encrypted.
$ tcpdump host poftut.com and port https
We can capture DNS traffic with the following command. Tcpdump resolves service names through /etc/services, where DNS is listed as domain rather than dns, so here we use the port number 53 directly.
$ tcpdump host poftut.com and port 53
We can capture the SSH port with the following command. SSH is an encrypted protocol.
$ tcpdump host poftut.com and port ssh
We can capture the telnet port with the following command. As telnet is a clear-text protocol, user names and passwords appear in plain text in the captured traffic, which is why it should be replaced with SSH.
$ tcpdump host poftut.com and port telnet
VNC is a remote desktop protocol mainly used on Linux systems. Its default port, 5900, is not necessarily listed by name in /etc/services, so we specify the number.
$ tcpdump host poftut.com and port 5900
RDP is the Windows remote desktop protocol and listens on port 3389 by default. We can capture it like below.
$ tcpdump host poftut.com and port 3389
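The filters above all follow one pattern: a host primitive joined with and to a port primitive that may carry a src or dst qualifier, with port names resolved through /etc/services. The script below, an added example written for this page and not part of the original tutorial, composes such a filter from three arguments and fails early when a service name is unknown, which is the case in which tcpdump itself refuses the expression. The services file it reads is a constructed sample in /etc/services format so that the script runs anywhere; the names service_port, build_filter and SERVICES_FILE are ours, not tcpdump options.

```shell
#!/bin/sh
# Added example: compose a tcpdump filter "host H and [src|dst] port P"
# and resolve service names the way tcpdump does, via /etc/services.

# Constructed sample in /etc/services format. Set SERVICES_FILE to point
# the script at the real file instead; the sample is only written when
# the variable is unset, so the real file is never touched.
if [ -z "${SERVICES_FILE:-}" ]; then
    SERVICES_FILE=$(mktemp)
    cat > "$SERVICES_FILE" <<'EOF'
# service-name  port/protocol  [aliases ...]   # constructed sample
http            80/tcp         www
domain          53/tcp
domain          53/udp
https           443/tcp
smtp            25/tcp         mail
ssh             22/tcp
telnet          23/tcp
EOF
fi

# service_port NAME_OR_NUMBER: print the port number for a service name
# (first field or alias) and return 1 when the name is unknown, which is
# exactly when tcpdump would reject "port NAME". Numbers pass through.
service_port() {
    case $1 in
        *[!0-9]*|'') ;;                 # not purely numeric: look it up
        *) echo "$1"; return 0 ;;
    esac
    awk -v name="$1" '
        /^[[:space:]]*(#|$)/ { next }   # skip comments and blank lines
        {
            sub(/#.*/, "")              # drop trailing comments
            split($2, pp, "/")          # "80/tcp" -> pp[1] = 80
            if ($1 == name) { print pp[1]; found = 1; exit }
            for (i = 3; i <= NF; i++)
                if ($i == name) { print pp[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }
    ' "$SERVICES_FILE"
}

# build_filter HOST src|dst|any PORT: print the filter expression.
# "any" matches the port on either side, like a bare "port" primitive;
# the explicit "and" is the conjunction the pcap-filter grammar documents.
build_filter() {
    host=$1 dir=$2 name=$3
    port=$(service_port "$name") || {
        echo "unknown service name: $name (use the port number)" >&2
        return 1
    }
    case $dir in
        src) echo "host $host and src port $port" ;;
        dst) echo "host $host and dst port $port" ;;
        any) echo "host $host and port $port" ;;
        *)   echo "direction must be src, dst or any" >&2; return 1 ;;
    esac
}

# Usage: sh filter.sh HOST src|dst|any PORT_OR_NAME
# Prints the command to run; -nn stops tcpdump from resolving addresses
# and ports in its own output, so the capture shows what was matched.
if [ $# -eq 3 ]; then
    if filter=$(build_filter "$@"); then
        echo "sudo tcpdump -nn $filter"
    fi
fi
```

Running it as `sh filter.sh poftut.com dst https` prints `sudo tcpdump -nn host poftut.com and dst port 443`, while `sh filter.sh poftut.com any vnc` stops with the unknown-name message instead of handing tcpdump a filter it cannot compile; pointing SERVICES_FILE at the real /etc/services shows which names the local system actually knows.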