
The tcpdump command is used to analyze network packets on Linux systems. It provides the ability to parse, filter and display network packets and protocols in different ways.

tcpdump was created in 1988 for BSD systems, was ported to most Unix and Linux operating systems, and became very popular. It is an alternative to Wireshark that can be used without a GUI or desktop environment, via the command-line interface.

The tcpdump command may not be installed by default in some Linux distributions, but most distributions provide it through the package managers apt, dnf or yum. We can install tcpdump on Ubuntu, Debian, Mint, Kali, CentOS, RHEL, Fedora, etc.

Install tcpdump On Ubuntu, Debian, Mint, Kali:

$ sudo apt install tcpdump

Install tcpdump On CentOS, RHEL, Fedora:

$ sudo dnf install tcpdump

Run tcpdump and Display All Traffic

The tcpdump command accesses operating-system-level functions which require administrative root privileges, so it cannot be run as a regular user unless root privileges are provided. If we try to run tcpdump with regular user privileges, we get an error like "tcpdump: ens33: You don't have permission to capture on that device (socket: Operation not permitted)".

Run tcpdump Filter Specific Network Interface Traffic

A system may have one or more network interfaces. Generally, extra pseudo interfaces are created for virtual and auxiliary systems. By default, the tcpdump command finds a network interface that has the default gateway and listens to this network interface. But we can also specify the network interface we want to listen to. First, we can list the existing network interfaces with the option -D like below.

$ tcpdump -D
1.ens33
3.any (Pseudo-device that captures on all interfaces)
5.bluetooth-monitor (Bluetooth Linux Monitor)
6.nflog (Linux netfilter log (NFLOG) interface)
7.nfqueue (Linux netfilter queue (NFQUEUE) interface)
9.dbus-session (D-Bus session bus)
10.bluetooth0 (Bluetooth adapter number 0)

We can see that all interfaces are listed with an ID number and some basic information about their status. We can use these ID numbers or interface names in order to listen to the specific network interfaces.

In the following example, we use the network interface name to listen to it with the tcpdump command.

Alternatively, we can specify the network interface ID number which is displayed while listing network interfaces.
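
The interface listing and selection described on this page, as an added shell example that is not part of the original article: it parses tcpdump -D style output, resolves either an ID number or a name to the interface name, and prints the matching capture command, with sudo when the caller is not root. The listing in SAMPLE_LIST is constructed, and resolve_iface and capture_cmd are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of `tcpdump -D` output (not captured from a real host).
SAMPLE_LIST='1.ens33 [Up, Running]
2.lo [Up, Running, Loopback]
3.any (Pseudo-device that captures on all interfaces) [Up, Running]
4.nflog (Linux netfilter log (NFLOG) interface) [none]
5.ens33.100 [Up, Running]'

# resolve_iface LISTING SELECTOR  (hypothetical helper)
# Prints the interface name for an ID number or a name; returns 1 if not listed.
resolve_iface() {
    printf '%s\n' "$1" | awk -v sel="$2" '
        {
            dot  = index($1, ".")          # first field is "<id>.<name>"
            id   = substr($1, 1, dot - 1)
            name = substr($1, dot + 1)     # keeps dots inside names (ens33.100)
            if (sel == id || sel == name) { print name; found = 1; exit }
        }
        END { exit (found ? 0 : 1) }'
}

# capture_cmd LISTING SELECTOR  (hypothetical helper)
# Prints the capture command, with sudo when the caller is not root, because
# opening a capture device requires root privileges.
capture_cmd() {
    iface=$(resolve_iface "$1" "$2") || {
        echo "unknown interface: $2" >&2
        return 1
    }
    if [ "$(id -u)" -eq 0 ]; then
        echo "tcpdump -i $iface"
    else
        echo "sudo tcpdump -i $iface"
    fi
}

# Use the live listing when tcpdump is installed, else the constructed sample.
LISTING=$(tcpdump -D 2>/dev/null) || LISTING=$SAMPLE_LIST
[ -n "$LISTING" ] || LISTING=$SAMPLE_LIST
capture_cmd "$LISTING" "${1:-1}"
```

Resolving an ID to a name before capturing keeps the command readable, since an ID number only has meaning relative to the listing it was taken from.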
