So, right now it’s not capturing any; let’s go ahead and do some updates. So, that just captured 10 of the packets from my machine that were essentially coming into my machine, and so we can analyze them a bit. We can see where they’re going to and where they’re coming from. So, we can see here basically, the first column is a time stamp, right. Over here we’ve got the IP address we’re sending from, so this is our machine here as you recall, and it’s sending this package out to our router, which basically ends up here at this domain. And so that’s how to use, you know, tcpdump very, very minimally.

There are some other options that we can go through as well for this command. So, you can print the captured packets in ASCII, so let’s go ahead and do that: “sudo tcpdump -c 10 -A”, and this is going to print out the actual packets in ASCII. So, you can use this if you’re trying to see, you know, what exactly you’re getting. This just all looks like gibberish to me, but the packets are actually coming through, so that’s a neat way to use this command.

So, basically if you only want to listen on one network interface, I’m going to run “ifconfig” again, and we can see wlo1 is the name of this device. So, what I’m gonna do is run “sudo tcpdump -c 5 -i wlo1”, and what that -i does is it tells it to listen to a very specific interface that we define after that “-i”.

Now, in addition to displaying the packets in ASCII format, we can also display them in hex and ASCII. So, this may make sense for you if you’re looking for some hex response from these packets that are coming in and out, so what we’re gonna do is run “sudo tcpdump -XX -i wlo1”, and this is gonna print out... I didn’t use the -c flag, so I’m just going to cancel there. So, this is gonna print out packets in hex and ASCII format. So, let me clear this. One other neat thing is you can capture packets from specific ports, and so let’s go ahead and do that.
So, let’s run “sudo tcpdump”, and I’ll show you guys why that’s going to make sense here in a moment, “-i wlo1”, this is the name of my interface, and then “port 22”. Now, right now I don’t think I have any port 22’s going on here, and that’s because port 22 is an SSH port. So, what I’m going to do is I’m going to connect to my server via SSH and we’re gonna see packet activity here. So, here we see a bunch of packets happening, and each time you do something you can see exactly what’s happening here, and you would be able to parse through these and, you know, basically see that there is activity, what kind of activity, and, you know, where it’s happening between.

So, that is a bit about the “tcpdump” command. This is gonna be good with troubleshooting network activity. There’s not really many other uses that I can think of for this, but if you have any uses for this that I don’t know about, leave a comment. I would like to know how you guys use this command if you do, or any practical applications that you think this command would serve.
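The speaker mentions parsing through tcpdump output to see what activity there is and between which hosts. Here is an added example (not from the video) that parses tcpdump's default one-line-per-packet output and counts packets per conversation, optionally narrowing to one port the way the “port 22” filter does; the capture lines below are constructed sample data, not a real capture.

```python
import re
from collections import Counter

# Constructed sample of tcpdump's default output: timestamp, "IP",
# src.port > dst.port: details.  An SSH handshake plus a DNS lookup.
SAMPLE = """\
14:02:11.301874 IP 192.168.1.23.51632 > 203.0.113.10.22: Flags [S], seq 1, win 64240, length 0
14:02:11.330201 IP 203.0.113.10.22 > 192.168.1.23.51632: Flags [S.], seq 2, ack 2, win 65160, length 0
14:02:11.330255 IP 192.168.1.23.51632 > 203.0.113.10.22: Flags [.], ack 1, win 502, length 0
14:02:11.331002 IP 192.168.1.23.51632 > 203.0.113.10.22: Flags [P.], seq 1:33, ack 1, win 502, length 32
14:02:12.004111 IP 192.168.1.23.44120 > 192.168.1.1.53: 1234+ A? example.com. (29)
14:02:12.006930 IP 192.168.1.1.53 > 192.168.1.23.44120: 1234 1/0/0 A 93.184.216.34 (45)
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) IP6? (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")
FLAGS_RE = re.compile(r"Flags \[([^\]]*)\]")
LEN_RE = re.compile(r"length (\d+)")


def split_endpoint(ep):
    """tcpdump appends the port after a final dot: '192.168.1.23.51632' -> ('192.168.1.23', 51632)."""
    host, _, port = ep.rpartition(".")
    return host, (int(port) if port.isdigit() else None)


def parse_line(line):
    """Return a dict for one packet line, or None for lines that are not packets."""
    m = LINE_RE.match(line)
    if not m:
        return None
    src, sport = split_endpoint(m["src"])
    dst, dport = split_endpoint(m["dst"])
    flags = FLAGS_RE.search(m["rest"])
    length = LEN_RE.search(m["rest"])
    return {"ts": m["ts"], "src": src, "sport": sport, "dst": dst, "dport": dport,
            "flags": flags.group(1) if flags else None,
            "length": int(length.group(1)) if length else None}


def summarize(text, port=None):
    """Count packets per (src, dst, dport); `port` keeps only packets touching that port, like `tcpdump port N`."""
    counts = Counter()
    for line in text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if port is not None and port not in (pkt["sport"], pkt["dport"]):
            continue
        counts[(pkt["src"], pkt["dst"], pkt["dport"])] += 1
    return counts


if __name__ == "__main__":
    for (src, dst, dport), n in summarize(SAMPLE, port=22).items():
        print(f"{src} -> {dst}:{dport}  {n} packets")
```

Pipe a real capture in with `sudo tcpdump -i wlo1 -l | python3 script.py` once the `__main__` block is changed to read `sys.stdin` instead of `SAMPLE`.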