How can we specify IP and port in tcpdump on Linux?

In Linux, you can use the tcpdump command to capture and analyze network data packets. To filter specific IP addresses and ports, you can use the filtering options provided by tcpdump.

Here are some commonly used tcpdump filtering options:

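  1. Specify a source or destination IP address:
tcpdump src <IP address>  # capture packets whose source IP address is the specified address
tcpdump dst <IP address>  # capture packets whose destination IP address is the specified address
  2. Specify a source or destination port:
tcpdump src port <port number>  # capture packets whose source port is the specified port
tcpdump dst port <port number>  # capture packets whose destination port is the specified port
  3. Combine an IP address and a port number:
tcpdump src <IP address> and port <port number>  # capture packets whose source IP address is the specified address and whose source or destination port is the specified port
tcpdump dst <IP address> and port <port number>  # capture packets whose destination IP address is the specified address and whose source or destination port is the specified port
  4. More complex filtering criteria:
tcpdump <filter 1> and <filter 2>  # packets that satisfy all of the conditions
tcpdump <filter 1> or <filter 2>  # packets that satisfy any one of the conditions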

Note that capturing packets with tcpdump requires root privileges or the permissions granted through the pcap group.
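
The following is an added example, not part of the original page: a POSIX shell helper that builds the filters listed above from validated values, so an IP address or port taken from a script argument cannot carry extra filter keywords into the expression, and that parenthesises sub-filters before joining them with `or`. The function names and the 192.0.2.10 documentation address are assumptions of this example.

```shell
# Added example (not from the original page). POSIX sh; function names are hypothetical.
# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() (
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.; set -f; set -- $1          # split on dots, no globbing
    [ $# -eq 4 ] || exit 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || exit 1
    done
)

# valid_port N: succeed only for an integer in 1-65535 without leading zeros.
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# build_filter KEY=VALUE ...: keys are src, dst (IPv4), sport, dport, port.
# Prints the primitives joined with "and"; fails on unknown keys or bad values.
build_filter() (
    out=
    for arg in "$@"; do
        key=${arg%%=*} val=${arg#*=}
        case $key in
            src|dst) valid_ipv4 "$val" || exit 1; prim="$key host $val" ;;
            sport)   valid_port "$val" || exit 1; prim="src port $val" ;;
            dport)   valid_port "$val" || exit 1; prim="dst port $val" ;;
            port)    valid_port "$val" || exit 1; prim="port $val" ;;
            *)       exit 1 ;;
        esac
        out="${out:+$out and }$prim"
    done
    [ -n "$out" ] && printf '%s\n' "$out"
)

# any_of FILTER ...: join complete filters with "or", parenthesising each one
# so that "and" inside a filter cannot regroup with a neighbouring "or".
any_of() (
    out=
    for f in "$@"; do out="${out:+$out or }($f)"; done
    printf '%s\n' "$out"
)

# Usage (constructed address from the 192.0.2.0/24 documentation range):
#   tcpdump -n "$(build_filter src=192.0.2.10 dport=443)"
```

Pass the result to tcpdump as a single double-quoted argument; unquoted parentheses would be interpreted by the shell instead of by the filter compiler.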
