Help with TCPDump commands.

Posted on 2009-02-23
Last Modified: 2013-12-23
Dear experts,

I would like to use tcpdump to capture all the traffic between my PC and the target host.

I know that tcpdump will capture all traffic from the source that I specify, such as eth0.

The question: I want tcpdump to go and connect to the target host and save all packets received from the host in a file for further analysis. Can I do that with tcpdump, or can tcpdump not go and interact with the target host?

If tcpdump cannot go and interact with other hosts, what is the best way to do that interaction with target hosts and then save all packets between us and the hosts?

I will be happy for any answers and suggestions.
Thanks in advance.
Best regards.
Question by: Tree_PRO
    LVL 18

    Accepted Solution

    In short, no, tcpdump will not do what you want.

    tcpdump is a tool to monitor (save to file) the packets coming in and out of your interface(s).

    What you can do is start the capture for your specific traffic, then use another console or application to generate the traffic. Once complete, stop tcpdump and then review the results.

    An example would be as follows, to capture all traffic going to and from a given host on interface eth0 and send it to a file called "dumpfile":

    tcpdump -i eth0 host <target-host> > dumpfile      # decoded text, one line per packet
    tcpdump -i eth0 host <target-host> -w dumpfile     # raw packets, read back later with: tcpdump -r dumpfile

    A handy page for all tcpdump commands is:


    Author Comment

    Dear deimark,

    Thanks for the reply, useful and short.

    In this situation, I would use another tool to interact with the host. The work will be like this:
    1- run tcpdump and save all data to a file
    2- interact with the host by another tool
    3- stop tcpdump from capturing data.

    About point 3, stopping tcpdump after I finish interacting: is there any way to do that from the command line, for example:
    >tcpdump - (stop)

    Or do I have to stop it manually with Ctrl-C?

    LVL 18

    Expert Comment

    When you run tcpdump, it will run in the console session you started it from. It will also give a live packet count to give you an idea if it's working or not.

    To stop it, I'm afraid the only way is to hit Ctrl-C as you said.

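    The three-step workflow from the thread (start tcpdump, generate the traffic with another tool, stop tcpdump) can be scripted so that step 3 does not need someone at the keyboard. The script below is an added example and is not code from the thread or from the tcpdump project. It assumes tcpdump is installed and the script runs with capture privileges (normally root); eth0, target.example and capture.pcap are placeholders, and curl stands in for whatever tool does the interaction.

```shell
#!/bin/sh
# Added example, not code from the original thread. Scripts the workflow
# start capture -> generate traffic -> stop capture. Assumptions: tcpdump is
# installed and we have capture privileges; eth0, target.example and
# capture.pcap are placeholders.

# Build the capture command. The BPF filter "host X" keeps both directions of
# traffic with X; -w writes raw packets (not decoded text), so the file can be
# reopened later with "tcpdump -r" or Wireshark.
capture_cmd() {
    iface="$1"; target="$2"; outfile="$3"
    printf 'tcpdump -i %s -w %s host %s' "$iface" "$outfile" "$target"
}

# Run the capture command ($1) in the background, run the interaction command
# ($2) in the foreground, then stop the capture and wait for it to exit.
# tcpdump handles SIGTERM the same way as the SIGINT that Ctrl-C sends: it
# flushes the output file, prints its packet counts and exits. Background
# jobs started by a non-interactive shell ignore SIGINT, which is why SIGTERM
# is used here. Returns the exit status of the interaction command.
run_with_capture() {
    cap="$1"; traffic="$2"
    sh -c "exec $cap" &          # exec, so $! is the capture process itself
    cap_pid=$!
    sleep 1                      # let the capture open the interface first
    rc=0
    sh -c "$traffic" || rc=$?
    kill -TERM "$cap_pid" 2>/dev/null || true
    wait "$cap_pid" 2>/dev/null || true
    return "$rc"
}

# Example run: capture everything exchanged with target.example (placeholder)
# while curl, standing in for "the other tool", talks to it.
main() {
    cmd=$(capture_cmd eth0 target.example capture.pcap)
    run_with_capture "$cmd" "curl -sS -o /dev/null http://target.example/"
}

# Only start a real capture when asked to, e.g. RUN_CAPTURE=1 sh example.sh
if [ "${RUN_CAPTURE:-0}" = 1 ]; then main; fi
```

    If the number of packets of interest is known in advance, tcpdump's own -c N option makes it exit on its own after N packets, which is another way to avoid the manual Ctrl-C.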

    Author Comment

    Thanks man for helping me :)

