Linux tcpdump Command
tcpdump reads every packet from the Ethernet and compares it to a filter you define. If the packet matches the filter, its header is displayed on your terminal, which lets you monitor traffic in real time.

    # tcpdump host 172.16.5.1 and 172.16.24.1
    tcpdump: listening on eth0
    10:46:00.576386 phobe.1027 > wren.telnet: S 400405049:400405049(o) win 32120 < mss 1460> (DF)
    10:46:11.578991 wren.telnet > phobe.1027: S 1252411948:1252511948(o) ack 400405050 win 32120 < mss 1460> (DF)
    10:46:11.773727 phobe.1027 > wren.telnet: . ack 1 win 32120 < nop> (DF)
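The three header lines in the session above are the opening of one TCP connection (SYN, SYN with ack, then a bare ack). The following is an added example, not part of the original page: a small parser for this older tcpdump text format that reports how far each connection's handshake got. The names parse_line and handshakes are hypothetical, and newer tcpdump releases print flags in a different layout that this pattern does not cover.

```python
import re

# Header lines as printed in the session above (older tcpdump text format).
SAMPLE = """\
10:46:00.576386 phobe.1027 > wren.telnet: S 400405049:400405049(o) win 32120 < mss 1460> (DF)
10:46:11.578991 wren.telnet > phobe.1027: S 1252411948:1252511948(o) ack 400405050 win 32120 < mss 1460> (DF)
10:46:11.773727 phobe.1027 > wren.telnet: . ack 1 win 32120 < nop> (DF)
"""

LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+)\.(?P<sport>[\w-]+) > "      # host.port, split at last dot
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"(?P<flags>[SFPRWE.]+)(?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict of header fields, or None for non-packet lines."""
    m = LINE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    ack = re.search(r"\back (\d+)", pkt.pop("rest"))
    pkt["ack"] = int(ack.group(1)) if ack else None
    return pkt

def handshakes(text):
    """Map (client, server) endpoint pairs to the handshake stage reached."""
    state = {}
    for pkt in filter(None, map(parse_line, text.splitlines())):
        a = f'{pkt["src"]}.{pkt["sport"]}'
        b = f'{pkt["dst"]}.{pkt["dport"]}'
        syn, ack = "S" in pkt["flags"], pkt["ack"] is not None
        if syn and not ack:                       # client opens
            state[(a, b)] = "SYN"
        elif syn and ack and state.get((b, a)) == "SYN":
            state[(b, a)] = "SYN-ACK"             # server answers
        elif ack and not syn and state.get((a, b)) == "SYN-ACK":
            state[(a, b)] = "ESTABLISHED"         # client confirms
    return state

if __name__ == "__main__":
    for (client, server), stage in handshakes(SAMPLE).items():
        print(f"{client} -> {server}: {stage}")
```

A pair left at "SYN" in the result is a connection attempt that was never answered within the captured lines.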

