[Linux] tcpdump - view TCP traffic on Linux

[Linux] tcpdump - view TCP traffic on Linux

View contents of TCP packet in LINUX : using tcpdump command

only shows packets from a specific IP address

tcpdump src 192.168.5.29 -X

only shows packets to and from specific IP address

tcpdump host 192.168.5.29 -X

display packets to and from a specific IP address

tcpdump -X dst 192.168.0.122 or src 192.168.0.122

specify interface -i ens33

tcpdump -i ens33 -X dst 172.19.176.145 or src 172.19.176.145

tcpdump -i ens33 -X dst 10.44.57.129 or src 10.44.57.129

display only tcp packets sent from src to dst ip address

tcpdump -i ens33 -X dst 10.44.63.130 and src 10.44.63.229

capture only POST requests on specified network interface '-i ens33'

tcpdump -i ens33 -s 0 -A 'tcp[((tcp[12:1] & 0xf0) >> 2):4] = 0x504F5354'

References: https://linuxize.com/post/tcpdump-command-in-linux/

Comments