How to save tcpdump captured packets to local in Linux?

To capture packets using the tcpdump command in Linux and save them locally, you can follow these steps:

  1. Open a terminal window and log in as the root user or as a user with sudo privileges.
  2. Start tcpdump with the following command, which writes the captured packets to a local file:
sudo tcpdump -i <interface> -w <filename.pcap>

Here, <interface> is the network interface to listen on: either a network interface name (such as eth0 or wlan0) or the pseudo-interface any, which captures on all interfaces. <filename.pcap> is the name of the file to save to, ending with the .pcap extension.

For example, if you want to listen to the eth0 interface and save the captured packets to a file named packet.pcap, you can use the following command:

sudo tcpdump -i eth0 -w packet.pcap
  3. After tcpdump begins capturing packets, it will display the captured packets in real time. Pressing the Ctrl+C key combination stops the packet capture.
  4. Once you have captured the packets you need, exit tcpdump with:
Ctrl+C

The captured packets will be saved in the current working directory. You can use network analysis tools like Wireshark to open the saved .pcap file for further analysis and viewing.
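The steps above can be wrapped in a small POSIX shell script that checks the interface name and output filename before invoking tcpdump, optionally stops the capture after a fixed number of packets with -c (so no Ctrl+C is needed), and then confirms that the saved file really is a capture file by checking its magic number. This is an added example, not code from the original page; the function names, the sample bytes in the usage comments, and the packet-limit behaviour are my own assumptions, and tcpdump itself still has to run as root or via sudo as described above.

```shell
#!/bin/sh
# Added example (not part of the original page): validate the capture step and
# verify the resulting file. Function names and sample values are assumptions.

# Build the tcpdump command line. Prints the command; does not run it.
# $1 = interface (e.g. eth0 or any), $2 = output file, $3 = optional packet limit.
build_tcpdump_cmd() {
    iface=$1; outfile=$2; count=${3:-0}
    # Interface names contain only letters, digits and a few punctuation characters.
    case "$iface" in
        ''|*[!A-Za-z0-9_.:-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    # Keep the .pcap convention so Wireshark and other tools recognise the file.
    case "$outfile" in
        *.pcap) ;;
        *) echo "output file should end in .pcap: $outfile" >&2; return 1 ;;
    esac
    cmd="sudo tcpdump -i $iface -w $outfile"
    # -c N makes tcpdump stop by itself after N packets, no Ctrl+C required.
    [ "$count" -gt 0 ] 2>/dev/null && cmd="$cmd -c $count"
    echo "$cmd"
}

# Inspect the first four bytes of a file and report which capture format it is.
# Prints the format and returns 0, or returns 1 if the file is not a capture.
pcap_format() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case "$magic" in
        d4c3b2a1|a1b2c3d4) echo "pcap (microsecond timestamps)" ;;
        4d3cb2a1|a1b23c4d) echo "pcap (nanosecond timestamps)" ;;
        0a0d0d0a)          echo "pcapng" ;;
        *) echo "not a capture file (magic: ${magic:-empty})" >&2; return 1 ;;
    esac
}

# Run the capture, then verify the saved file. Requires tcpdump and sudo.
capture_and_verify() {
    cmd=$(build_tcpdump_cmd "$1" "$2" "$3") || return 1
    echo "running: $cmd"
    $cmd || return 1
    pcap_format "$2"
}

# Usage (needs root): capture_and_verify eth0 packet.pcap 100
```

Running `capture_and_verify any packet.pcap 100` captures 100 packets on all interfaces into packet.pcap in the current directory and then prints the detected file format; a file that fails the magic-number check (for example, an empty file left behind when tcpdump was not allowed to open the interface) is reported as "not a capture file".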
