Tcpdump is a type of packet analyzer software utility that monitors and logs TCP/IP traffic passing between a network and the computer on which it is executed.
Tcpdump is an open-source network utility that is freely available under the BSD license. Tcpdump works on the command line interface and provides descriptions of packet content in several formats, depending on the command used.
Tcpdump is primarily a network monitoring and management utility that captures and records TCP/IP data on the run time. Tcpdump is designed to provide statistics about the number of packets received and captured at the operating node for network performance analysis, debugging and diagnosing network bottlenecks and other network oriented tasks.
Install tcpdump on CentOS/RHEL System
Follow the below steps to install tcpdump on CentOS/RHEL system.
1. Run the below command to verify whether tcpdump is installed or not.
# tcpdump -D -bash: tcpdump: command not found
2. If not install run the below command to install it.
# yum install tcpdump -yum
3. Show available interface that can be monitor.
# tcpdump -D 1.eth0 2.usbmon1 (USB bus number 1) 3.usbmon2 (USB bus number 2) 4.any (Pseudo-device that captures on all interfaces) 5.lo
4. Check the installed version of tcpdump on CentOS 6.x.
# tcpdump --version tcpdump version 4.1-PRE-CVS_2015_07_23 libpcap version 1.4.0 Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ] [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ] [ -i interface ] [ -j tstamptype ] [ -M secret ] [ -P in|out|inout ] [ -r file ] [ -s snaplen ] [ -T type ] [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ] [ -Z user ] [ expression ]
5. Check the installed version of tcpdump on CentOS 7.x.
# tcpdump --version tcpdump: invalid option -- '-' tcpdump version 4.5.1 libpcap version 1.5.3 Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ] [ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ] [ -i interface ] [ -j tstamptype ] [ -M secret ] [ -P in|out|inout ] [ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ] [ -W filecount ] [ -y datalinktype ] [ -z command ] [ -Z user ] [ expression ]