Capturing packets with tcpdump

Tcpdump is a command line tool that is very useful during network troubleshooting. It will capture packets and display them on the screen or save them to a file.
Installing tcpdump is very easy with yum.

# yum install tcpdump

In order to run tcpdump you will need to have root or sudo privileges.
Below are some of the typical commands you will use when capturing with tcpdump.

Capture any packet coming from or going to x.x.x.x

tcpdump -n host x.x.x.x

Capture any packet going to x.x.x.x

tcpdump -n dst host x.x.x.x

Capture any packet coming from x.x.x.x

tcpdump -n src host x.x.x.x

Capture any packet going to network x.x.x.0/24

tcpdump -n dst net x.x.x.0/24

Capture any packet coming from network x.x.x.0/24

tcpdump -n src net x.x.x.0/24

Capture any packet with destination port x

tcpdump -n dst port x

Capture any packet coming from port x

tcpdump -n src port x

Capture any packets going to (dst) or coming from (src) port range x to y

tcpdump -n dst portrange x-y
tcpdump -n src portrange x-y

Capture any tcp or udp packets going to port range x to y (use src instead of dst to match the source port)

tcpdump -n tcp dst portrange x-y
tcpdump -n udp dst portrange x-y

Capture any packets with dst ip x.x.x.x and port y

tcpdump -n "dst host x.x.x.x and dst port y"

Capture any packets with dst ip x.x.x.x and dst ports x, z

tcpdump -n "dst host x.x.x.x and (dst port x or dst port z)"

Capture ICMP or ARP packets

tcpdump -v icmp
tcpdump -v arp

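Capture packets on interface eth0 and write them to the file cap.txt (the file holds raw packets in pcap format, not text; read it back with tcpdump's -r option)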

tcpdump -i eth0 -w cap.txt
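
The grouped "dst host ... and (dst port ... or dst port ...)" filter and the -i/-w capture shown above, generalised to any number of destination ports, as an added example that is not part of the original page. The function names, the 100-packet limit and the sample values in the usage line are assumptions; host and port arguments are validated so that stray text cannot change the meaning of the filter.

```sh
#!/bin/sh
# Added example, not from the original page. Function names, the cap of
# 100 packets and the sample values in the usage line are assumptions.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# valid_port P: succeed only for a plain decimal number in 1-65535.
valid_port() {
    case $1 in
        ''|0*|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# dst_filter HOST PORT...: print the grouped filter expression.
dst_filter() {
    valid_ipv4 "$1" || { echo "bad host: $1" >&2; return 1; }
    host=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one port" >&2; return 1; }
    ports=
    for p in "$@"; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
        ports="${ports:+$ports or }dst port $p"
    done
    # Without the parentheses the expression is read left to right, so every
    # port after the first would match traffic to any host.
    printf '%s\n' "dst host $host and ($ports)"
}

# capture IFACE FILE HOST PORT...: save up to 100 matching packets to FILE.
capture() {
    iface=$1; file=$2; shift 2
    filter=$(dst_filter "$@") || return 1
    # Passed as one quoted argument, so the shell never parses the parentheses.
    tcpdump -n -i "$iface" -c 100 -w "$file" "$filter"
}
# Usage (as root): capture eth0 web.pcap 192.0.2.10 80 443
```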