Capture network traffic for a specific port

When troubleshooting network traffic, tcpdump can come to the rescue. It allows capturing any data that comes in via the network. This how-to shows how to filter on specific port numbers. A port filter without a protocol keyword captures matching traffic regardless of whether the transport protocol is TCP or UDP.

Examples

tcpdump dst port 80

Capture traffic from our system with destination port 80


tcpdump src port 53

Capture DNS responses with source port 53

Sample output

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
18:53:11.826759 IP nscache1.example.org.domain > system.cisofy.com.44657: 35965 1/0/0 A 46.183.250.77 (49)
18:53:11.829023 IP nscache0.example.org.domain > system.cisofy.com.36774: 19872 1/0/0 PTR system.cisofy.com. (77)
18:53:11.929247 IP nscache1.example.org.domain > system.cisofy.com.41787: 23613 1/0/0 AAAA 2a01:8800::77:80 (61)
18:53:11.984288 IP google-public-dns-a.google.com.domain > system.cisofy.com.44580: 15423 1/0/0 PTR nscache1.example.org. (75)
18:53:11.985407 IP nscache1.example.org.domain > system.cisofy.com.53967: 60756 1/0/0 PTR nscache0.example.org. (75)
18:53:11.985759 IP nscache0.example.org.domain > system.cisofy.com.60178: 54089 1/0/0 PTR google-public-dns-a.google.com. (82)
18:53:12.010299 IP nscache1.example.org.domain > system.cisofy.com.44586: 54087 0/1/0 (97)
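
The following is an added example, not part of the original page: it reads text output like the sample above and counts DNS responses per sending host, marking any host that is not on a list of expected resolvers. The function names and the expected-resolver list are assumptions made for illustration; the input lines are copied from the sample output above.

```shell
#!/bin/sh
# Added example (not from the original page).
# Input: the lines from the page's "Sample output" section.
sample_capture() {
cat <<'EOF'
18:53:11.826759 IP nscache1.example.org.domain > system.cisofy.com.44657: 35965 1/0/0 A 46.183.250.77 (49)
18:53:11.829023 IP nscache0.example.org.domain > system.cisofy.com.36774: 19872 1/0/0 PTR system.cisofy.com. (77)
18:53:11.929247 IP nscache1.example.org.domain > system.cisofy.com.41787: 23613 1/0/0 AAAA 2a01:8800::77:80 (61)
18:53:11.984288 IP google-public-dns-a.google.com.domain > system.cisofy.com.44580: 15423 1/0/0 PTR nscache1.example.org. (75)
18:53:11.985407 IP nscache1.example.org.domain > system.cisofy.com.53967: 60756 1/0/0 PTR nscache0.example.org. (75)
18:53:11.985759 IP nscache0.example.org.domain > system.cisofy.com.60178: 54089 1/0/0 PTR google-public-dns-a.google.com. (82)
18:53:12.010299 IP nscache1.example.org.domain > system.cisofy.com.44586: 54087 0/1/0 (97)
EOF
}

# Count DNS responses per source host in tcpdump text output read from stdin.
# $1: space-separated hostnames of resolvers we expect answers from
#     (a hypothetical allow-list, adjust to your environment).
summarize_dns_sources() {
    awk -v expected="$1" '
    BEGIN { n = split(expected, e, " "); for (i = 1; i <= n; i++) ok[e[i]] = 1 }
    ($2 == "IP" || $2 == "IP6") && $4 == ">" {
        src = $3
        # Keep only packets sent from port 53 (shown as "domain" when
        # tcpdump resolves service names, or "53" when run with -n).
        if (src !~ /\.(domain|53)$/) next
        sub(/\.(domain|53)$/, "", src)
        count[src]++
    }
    END {
        for (s in count)
            printf "%s %d %s\n", s, count[s], ((s in ok) ? "expected" : "UNEXPECTED")
    }' | sort
}

# Summarize the sample; the Google resolver is not on the assumed list.
sample_capture | summarize_dns_sources "nscache0.example.org nscache1.example.org"
```

For a live capture, pipe a bounded run such as `tcpdump -l -c 100 src port 53` into `summarize_dns_sources`; the summary is printed once tcpdump exits.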

Recently updated on July 24, 2019
