How to view captured packet files in tcpdump on Linux?

To view tcpdump capture files in Linux, you can use the following commands:

  1. View file contents: Use the command “tcpdump -r <file>” to view the contents of a capture file. For example, to view the contents of a capture file named capture.pcap, run: tcpdump -r capture.pcap.
  2. Filter packets: Use the command “tcpdump -r <file>” followed by a filter expression to show only matching packets from a capture file. For example, to display only packets with a source IP address of 192.168.1.2, run: tcpdump -r capture.pcap src 192.168.1.2.
  3. Export packets: Use the command “tcpdump -r <input file> -w <output file>” to export packets from a capture file to another file. For example, to export packets from the capture file “capture.pcap” to a file named “export.pcap”, run: tcpdump -r capture.pcap -w export.pcap.
  4. Count packets: Use the command “tcpdump -r <file> | wc -l” to count the number of packets in a capture file. For example, to count the packets in a capture file named capture.pcap, run: tcpdump -r capture.pcap | wc -l.

The commands above can be used to view and manipulate tcpdump capture files in Linux.
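
As an added example (not part of the original page), the script below writes a small constructed capture and applies the read, filter and count steps to it, then tallies packets per source address. The helper names, the packet contents and the use of `-nn` (which stops tcpdump from resolving addresses and ports to names while printing) are choices made for this example.

```shell
#!/bin/sh
# Added example, not from the original page. All packet data below is constructed.

# pkt OCT: one pcap record holding an empty UDP datagram from 192.168.1.<OCT> to
# 192.168.1.1; OCT is the last source octet as three octal digits (002 -> .2).
pkt() {
  # Record header: ts_sec 0, ts_usec 0, captured length 28, original length 28.
  printf '\000\000\000\000\000\000\000\000\034\000\000\000\034\000\000\000'
  # IPv4: version 4 / IHL 5, total length 28, TTL 64, protocol 17 (UDP), checksum 0.
  printf '\105\000\000\034\000\000\000\000\100\021\000\000'
  # Source address 192.168.1.<OCT>, destination address 192.168.1.1.
  printf "\\300\\250\\001\\$1\\300\\250\\001\\001"
  # UDP: source port 1234, destination port 9999, length 8, checksum 0.
  printf '\004\322\047\017\000\010\000\000'
}

# make_capture FILE: write a three-packet capture (two from .2, one from .3).
make_capture() {
  {
    # Global header: little-endian magic, version 2.4, snaplen 65535, LINKTYPE_RAW (101).
    printf '\324\303\262\241\002\000\004\000\000\000\000\000\000\000\000\000'
    printf '\377\377\000\000\145\000\000\000'
    pkt 002; pkt 003; pkt 002
  } > "$1"
}

# count_packets FILE [FILTER...]: packets matching the filter (all if none given).
# tcpdump's "reading from file" banner goes to stderr, so it is not counted.
count_packets() {
  f=$1; shift
  tcpdump -nn -r "$f" "$@" 2>/dev/null | wc -l | tr -d ' '
}

# per_source FILE: "count address" lines, busiest IPv4 source first.
per_source() {
  tcpdump -nn -r "$1" 2>/dev/null |
    awk '$2 == "IP" { s = $3; sub(/\.[0-9]+$/, "", s); n[s]++ }
         END { for (s in n) print n[s], s }' | sort -rn
}

if command -v tcpdump >/dev/null 2>&1; then
  dir=$(mktemp -d) && make_capture "$dir/capture.pcap"
  echo "total:            $(count_packets "$dir/capture.pcap")"
  echo "from 192.168.1.2: $(count_packets "$dir/capture.pcap" src 192.168.1.2)"
  per_source "$dir/capture.pcap"
  rm -rf "$dir"
fi
```

The line count from `wc -l` equals the packet count only with tcpdump's default one-line-per-packet output; options that print several lines per packet would inflate it.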
