How can you view packet contents in tcpdump on Linux?

To view packet contents in tcpdump, you can use the following command:

tcpdump -i <interface> -nnX

The -i option specifies the network interface to listen on, such as eth0. The -nn flag makes tcpdump display IP addresses and port numbers in numerical format, rather than trying to resolve them to hostnames and service names. The -X flag shows the hexadecimal and ASCII representation of packet contents.

Additionally, you can limit the captured packets by using filters. For example, to display packets with a specific source or destination IP address, you can use the filter host <IP address>. To display packets with a specific source or destination port number, you can use the filter port <port number>.

For example, to view only packets to or from the host with IP address 192.168.1.100 that also have source or destination port 80, you can use the following command:

tcpdump -i eth0 -nnX host 192.168.1.100 and port 80

Please note that running tcpdump requires being logged in as the root user or as a user with the appropriate privileges.
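
To show what the -X dump actually contains, the following Python code (an added example, not part of the original answer) rebuilds the packet bytes from the hex column and decodes the IPv4 and TCP headers. The sample output is constructed to match the host 192.168.1.100 and port 80 filter above, and the function names are hypothetical.

```python
import re
import socket
import struct

# Constructed sample of `tcpdump -nnX` output for one packet (not a real capture;
# the TCP checksum field is left as zero).
SAMPLE = """\
12:00:00.000000 IP 192.168.1.100.54321 > 192.0.2.10.80: Flags [P.], seq 1:17, ack 1, win 29200, length 16
\t0x0000:  4500 0038 1c46 4000 4006 9a63 c0a8 0164  E..8.F@.@..c...d
\t0x0010:  c000 020a d431 0050 0000 0001 0000 0001  .....1.P........
\t0x0020:  5018 7210 0000 0000 4745 5420 2f20 4854  P.r.....GET./.HT
\t0x0030:  5450 2f31 2e31 0d0a                      TP/1.1..
"""

# Offset, then hex groups of one or two bytes separated by single spaces.
# The ASCII column follows after two or more spaces, so it is never matched.
HEX_LINE = re.compile(r"^\s*0x[0-9a-f]{4}:\s+((?:(?:[0-9a-f]{2}){1,2} ?)+)")


def dump_to_bytes(text):
    """Rebuild the raw packet bytes from the hex column of -X output."""
    raw = bytearray()
    for line in text.splitlines():
        m = HEX_LINE.match(line)
        if m:  # the summary line does not match and is skipped
            raw += bytes.fromhex(m.group(1).replace(" ", ""))
    return bytes(raw)


def decode_ipv4_tcp(pkt):
    """Decode IPv4/TCP headers. -X omits the link-level header, so byte 0 is IP."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length in bytes
    total_len = struct.unpack("!H", pkt[2:4])[0]
    info = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
            "proto": pkt[9], "truncated": len(pkt) < total_len}
    if info["proto"] == 6 and len(pkt) >= ihl + 20:  # protocol 6 is TCP
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        data_off = (pkt[ihl + 12] >> 4) * 4        # TCP header length in bytes
        info.update(sport=sport, dport=dport, payload=pkt[ihl + data_off:total_len])
    return info


if __name__ == "__main__":
    print(decode_ipv4_tcp(dump_to_bytes(SAMPLE)))
```

The ASCII column replaces every non-printable byte and every space with a dot, so the hex column is the only reliable source for the exact payload.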
