How to debug network issues in Unix — “tcpdump”
In my day-to-day job I started using lots of Bash commands to debug network issues, and I did not know many of them. This is why I decided to write down here all those commands and how I usually use them.
This is a series. Here is the table of contents:
dig
ping
whois
openssl
nslookup
traceroute and mtr
iptables
- network configuration and statistics
tcpdump (this story)
This is finally the last story of this series, and here we’ll describe another powerful tool: tcpdump.
As Wikipedia describes it,
tcpdump is a data-network packet analyzer computer program that runs under a command line interface. It allows the user to display TCP/IP and other packets being transmitted or received over a network to which the computer is attached.
Briefly, all network transmissions are composed of packets, each of which carries a chunk of data. Analyzing each of those packets is sometimes useful to verify whether any data has been corrupted.
tcpdump requires root privileges, so you need to run it using sudo.
Let’s see some examples of tcpdump usage; other usages can be found at https://hackertarget.com/tcpdump-examples/ .
Capture UDP data on eth0 interface
sudo tcpdump -i eth0 udp
Save capture data in a file
sudo tcpdump -i eth0 -s0 -w test.pcap
You could read the file as-is or with an analyzer such as Wireshark.
Capture data based on host
sudo tcpdump -i eth0 host 10.10.1.1
sudo tcpdump -i eth0 dst 10.10.1.20
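As an added example (not from the original post and not part of tcpdump), the Python script below writes a small constructed capture in the classic pcap format that tcpdump -w produces, reads it back, and applies the same host / dst / udp filter primitives used in the commands above; the frames, addresses and ports are constructed sample data, and the truncated-record case shows why -s0 (full snapshot length) matters when you want whole packets in the file.

```python
import struct

PROTO = {"tcp": 6, "udp": 17}  # IP protocol numbers behind tcpdump's 'tcp' / 'udp' keywords

def make_frame(src, dst, proto, sport, dport, payload=b"x"):
    """Constructed Ethernet/IPv4 frame with a minimal UDP or TCP header (checksums left zero)."""
    if proto == 17:  # UDP: sport, dport, length, checksum
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
    else:            # TCP: sport, dport, seq, ack, data offset, flags(SYN), window, csum, urg
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 0, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4  # zeroed MACs, EtherType 0x0800 (IPv4)

def write_pcap(frames, snaplen=262144):
    """Serialize frames as a little-endian classic pcap, like 'tcpdump -w'; -s0 means full snaplen."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)  # linktype 1 = Ethernet
    for i, f in enumerate(frames):
        cap = f[:snaplen]  # caplen < wire length when snaplen truncates the packet
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(cap), len(f)) + cap
    return out

def read_pcap(data):
    """Parse a pcap blob into per-packet dicts; byte order comes from the magic number."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(data[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(end + "IHHiIII", data[:24])[6] != 1:
        raise ValueError("only Ethernet (linktype 1) captures are handled")
    pkts, off = [], 24
    while off + 16 <= len(data):
        ts, _, caplen, wirelen = struct.unpack(end + "IIII", data[off:off + 16])
        frame = data[off + 16:off + 16 + caplen]
        if len(frame) != caplen:
            raise ValueError("truncated packet record")
        off += 16 + caplen
        pkt = {"ts": ts, "caplen": caplen, "len": wirelen, "src": None, "dst": None, "proto": None}
        if len(frame) >= 34 and frame[12:14] == b"\x08\x00":  # decode IPv4 only
            pkt.update(proto=frame[23], src=".".join(map(str, frame[26:30])),
                       dst=".".join(map(str, frame[30:34])))
            l4 = 14 + (frame[14] & 0x0F) * 4  # Ethernet header + IHL in bytes
            if pkt["proto"] in PROTO.values() and len(frame) >= l4 + 4:
                pkt["sport"], pkt["dport"] = struct.unpack("!HH", frame[l4:l4 + 4])
        pkts.append(pkt)
    return pkts

def match(pkt, host=None, dst=None, proto=None):
    # Same primitives as the filters above: 'host X', 'dst X', 'udp' / 'tcp'
    return ((host is None or host in (pkt["src"], pkt["dst"])) and (dst is None or pkt["dst"] == dst)
            and (proto is None or pkt["proto"] == PROTO[proto]))
```

A real file written by tcpdump -w can be fed to read_pcap the same way; tcpdump -r with the same filter expression is the reference to compare against.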