Tcpdump is an everyday tool for system and network administrators. The most common use cases are simple host, port and protocol filters. In this tutorial we will look at how to filter by host, port and protocol in tcpdump. Keep in mind that tcpdump requires administrator or root privileges. We can use the root account or the sudo command to gain root privileges.
Specify Host Name
Tcpdump can resolve host names like regular tools. We can specify a host name, but the host name must be resolvable. In this example we will capture traffic to and from poftut.com. We will use the host keyword like below.
$ tcpdump host poftut.com
Specify IP Address
The IP address of the target can be given to tcpdump like below. In this example we will capture packets to and from 192.168.122.10.
$ tcpdump host 192.168.122.10

Specify Port
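We can specify the port number with the port keyword. This will capture all traffic on that port number between the target and our local system. In this example we want to capture http traffic, which uses port 80. When a filter combines host and port, the two parts must be joined with and, otherwise tcpdump reports a syntax error.
$ tcpdump host poftut.com and port 80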
Specify Destination Port
We can match only the destination port number with the dst port keyword. In this example we will filter on the target's https port.
$ tcpdump host poftut.com and dst port https
Specify Source Port
If we want to troubleshoot the local system we can specify the local system port with src port and the port number. In this example we will capture the local smtp port.
$ tcpdump host poftut.com and src port smtp
Capture HTTP
We can capture HTTP traffic with the following command.
$ tcpdump host poftut.com and port http
Capture SMTP
We can capture SMTP traffic with the following command. This will provide mail traffic.
$ tcpdump host poftut.com and port smtp
Capture HTTPS
We can capture HTTPS traffic with the following command, but keep in mind the data will be encrypted.
$ tcpdump host poftut.com and port https
Capture DNS
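We can capture DNS traffic with the following command. Tcpdump looks up service names in /etc/services, where DNS is listed as domain, so we use that name (or the number 53).
$ tcpdump host poftut.com and port domain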
Capture SSH
We can capture SSH port with the following command. SSH is an encrypted protocol.
$ tcpdump host poftut.com and port ssh
Capture Telnet
We can capture the telnet port with the following command. As telnet is a clear text protocol, we can sniff user names and passwords by capturing telnet traffic.
$ tcpdump host poftut.com and port telnet
Capture VNC
VNC is a remote desktop protocol mainly used on Linux systems. The name vnc is usually not listed in /etc/services, so we capture the default VNC port 5900 like below.
$ tcpdump host poftut.com and port 5900
Capture RDP
We can capture the RDP port like below. The name rdp is usually not listed in /etc/services, so we use the default RDP port 3389.
$ tcpdump host poftut.com and port 3389
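The host, direction and port filters above can be composed by a small helper that joins the parts with and, and turns a service name into a number before tcpdump sees it, so an unknown name fails early with a clear message. This is an added example, not code from the original page; the function names, the SERVICES_FILE variable and the sample services excerpt are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example, not from the original page.
# SERVICES_FILE (assumed name) points at the services database used for
# name lookups; it defaults to /etc/services and can be overridden.
SERVICES_FILE="${SERVICES_FILE:-/etc/services}"

# Constructed excerpt in /etc/services format, for trying this offline:
#   sample_services > /tmp/services; SERVICES_FILE=/tmp/services
sample_services() {
cat <<'EOF'
ssh      22/tcp
telnet   23/tcp
smtp     25/tcp   mail
domain   53/udp            # DNS is listed as "domain", not "dns"
http     80/tcp   www
https    443/tcp
EOF
}

# resolve_port NAME_OR_NUMBER: print the numeric port, or return non-zero.
resolve_port() {
    case "$1" in
        ''|*[!0-9]*) ;;   # not a plain number: fall through to the lookup
        *) [ "$1" -le 65535 ] && echo "$1"; return ;;
    esac
    awk -v n="$1" '
        { sub(/#.*/, "")  # drop comments, then match the name or an alias
          for (i = 1; i <= NF; i++)
              if (i != 2 && $i == n) { split($2, p, "/"); print p[1]; ok = 1; exit } }
        END { exit !ok }' "$SERVICES_FILE"
}

# build_filter HOST DIRECTION SERVICE   (DIRECTION: any, src or dst)
build_filter() {
    case "$1" in ''|*[!A-Za-z0-9.:_-]*) echo "invalid host '$1'" >&2; return 1 ;; esac
    port=$(resolve_port "$3") || {
        echo "unknown service '$3': use a number or a name from $SERVICES_FILE" >&2
        return 1
    }
    case "$2" in
        any)     q="port" ;;
        src|dst) q="$2 port" ;;
        *) echo "direction must be any, src or dst" >&2; return 1 ;;
    esac
    # Filter primitives are joined with an explicit "and".
    echo "host $1 and $q $port"
}

# Usage: sudo tcpdump -n "$(build_filter poftut.com dst https)"
```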