Name

tcpdump

Synopsis

tcpdump [options] [expression]

System administration command. Dump headers and packets of network traffic that match expression. The command continues to capture packets until it receives a SIGTERM or SIGINT signal (usually generated by typing the interrupt character control-C). When finished, it will generate a report on traffic captured, received, or dropped by the kernel.

Expressions

Create matching expressions using the following primitives followed by an ID or name.

direction

A qualifier indicating whether to match source or destination information. Accepted values are src, dst, src or dst, and src and dst. When not specified, the expression will match either source or destination traffic.

protocol

A qualifier restricting matches to a particular kind of packet. Accepted values are: ether, fddi, tr, wlan, ip, ip6, arp, rarp, decnet, tcp, and udp. If not specified, the match defaults to any appropriate protocol matching type.

type

A qualifier indicating what kind of thing the ID or name references, such as a part of a hostname (host), IP address (net) or port (port). When not specified, the match defaults to host.
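The shell function below is an added example, not part of the original text. It joins the qualifiers described above into one primitive in the order protocol, direction, type, ID, after checking each against the accepted values listed here. The function name tcpdump_primitive, the ID character check, and the sample addresses are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): build one tcpdump primitive.
# Usage: tcpdump_primitive DIRECTION PROTOCOL TYPE ID
# Pass "" for a qualifier to omit it and take tcpdump's default
# (either direction, any appropriate protocol, type host).
tcpdump_primitive() {
    dir=$1; proto=$2; kind=$3; id=$4

    case $dir in
        ""|src|dst|"src or dst"|"src and dst") ;;
        *) echo "unknown direction: $dir" >&2; return 1 ;;
    esac
    case $proto in
        ""|ether|fddi|tr|wlan|ip|ip6|arp|rarp|decnet|tcp|udp) ;;
        *) echo "unknown protocol: $proto" >&2; return 1 ;;
    esac
    case $kind in
        ""|host|net|port) ;;
        *) echo "unknown type: $kind" >&2; return 1 ;;
    esac
    # Assumption: an ID is a single token (name, address, network or port).
    # Rejecting anything else keeps untrusted input from adding extra
    # filter terms or shell metacharacters to the command line.
    case $id in
        ""|*[!A-Za-z0-9_.:/-]*) echo "invalid ID: $id" >&2; return 1 ;;
    esac

    # Join the non-empty parts with single spaces.
    out=
    for part in "$proto" "$dir" "$kind" "$id"; do
        if [ -n "$part" ]; then
            out="${out:+$out }$part"
        fi
    done
    printf '%s\n' "$out"
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
first=$(tcpdump_primitive src tcp port 443)
second=$(tcpdump_primitive dst "" net 192.0.2.0/24)
# Print the command rather than run it; capturing needs privileges.
echo "tcpdump -c 20 -A '$first and $second'"
```

The resulting expression can be checked without capturing anything by passing it to tcpdump -d, which compiles the expression and exits.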

Options

-A

Print packets in ASCII text.

-c n

Exit after receiving n packets.

-C n

When saving to a file, do not write files larger than n million bytes. Instead, open a new file with the same basename followed by a number, starting with 1.

-d, -dd, -ddd

Compile and dump the packet-matching code for the given expression, then exit. Use the second form to dump it as ...
