Recipes for tcpdump

tcpdump is a great tool for protocol traffic analysis and troubleshooting. I'm sure you already know you need it; what you need is to know how to use it effectively. This post will be updated on an ongoing basis.

  1. man tcpdump
  2. tcpdump -AvvvSs 1500 -i eth0 host
    This starts packet capture on the local eth0 interface for traffic to and from host. I was using this to analyze Set-Cookie headers in HTTP traffic: -A prints each packet's payload as ASCII, which is enough to read the headers. Read the man page for further information on the options. I used 1500 for the snaplen (-s) because that was all the data I needed; if you want the whole packet, specify 0.
  3. tcpdump -AvvvSs 1500 -i any dst port 7143
    Capture IMAP traffic going to a reverse-proxied Zimbra mailbox server (port 7143 here). Note the use of -i any: this is how you capture traffic going across all interfaces at once. On Linux the "any" pseudo-interface captures in cooked mode, so the link-layer headers look different from a single-interface capture.
  4. tcpdump -AvvvSs 1500 -i any dst host and dst port 25
    Useful if you are watching packets from a local program that sends mail to the local Sendmail server. The filter uses "and" rather than "&&": tcpdump accepts both, but an unquoted && on the command line is taken by the shell as a command separator and never reaches tcpdump.
  5. tcpdump -i en1 -nnvvXSs 1514 host and port 389
    Dumping packets going across en1 to on port 389 (LDAP). -nn turns off host and port name resolution, -X prints each packet in hex and ASCII, and a snaplen of 1514 covers a full Ethernet frame (1500-byte MTU plus the 14-byte Ethernet header).
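Post-processing the -A output for Set-Cookie headers, as recipe 2 describes, with an added Python example that is not part of the original post. It assumes the capture was saved to a text file (tcpdump -A ... > capture.txt); the sample capture embedded below is constructed, not real traffic, and the cookie names in it are made up.

```python
import sys

# Constructed sample of `tcpdump -A` output (not a real capture): one packet
# header line, the ASCII rendering of the TCP payload, then HTTP headers.
SAMPLE_CAPTURE = """\
12:00:01.123456 IP 10.0.0.5.80 > 10.0.0.9.51234: Flags [P.], seq 1:512, ack 1, win 229, length 511
E..........@..
HTTP/1.1 200 OK\r
Date: Mon, 01 Jan 2024 12:00:01 GMT\r
Set-Cookie: auth=abc123; Path=/; HttpOnly\r
Set-Cookie: session=deadbeef; Path=/; Secure; HttpOnly; SameSite=Lax\r
Set-Cookie: tracker=xyz; Path=/\r
Content-Type: text/html\r
\r
<html>...
"""


def parse_set_cookies(capture_text):
    """Map each cookie name to the set of its attribute names (lower-cased).

    Works on raw `tcpdump -A` text: lines that are not Set-Cookie headers
    (packet headers, binary rendered as dots, body) are simply skipped, and
    the trailing CR that HTTP lines carry is stripped first.
    """
    cookies = {}
    for line in capture_text.splitlines():
        line = line.rstrip("\r")
        if not line.lower().startswith("set-cookie:"):
            continue
        value = line.split(":", 1)[1].strip()
        parts = [p.strip() for p in value.split(";")]
        name = parts[0].split("=", 1)[0]
        # Attribute names only: "Path=/" -> "path", "Secure" -> "secure".
        cookies[name] = {p.split("=", 1)[0].lower() for p in parts[1:] if p}
    return cookies


def missing_flags(cookies, required=("secure", "httponly")):
    """Return {cookie_name: [missing attribute, ...]} for cookies lacking any
    of the required hardening attributes; fully hardened cookies are omitted."""
    report = {}
    for name, attrs in cookies.items():
        missing = [flag for flag in required if flag not in attrs]
        if missing:
            report[name] = missing
    return report


if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CAPTURE
    for name, missing in missing_flags(parse_set_cookies(text)).items():
        print(f"{name}: missing {', '.join(missing)}")
```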