Tcpdump is a packet sniffer that able to capture traffic that passes through a machine. It operates on a packet level, meaning that it captures the actual packets that fly in and out of your computer. It can save the packets into a file. In this post, i will show how to install tcpdump on CentOS 5/CentOS 6/ CentOS 7/RHEL 5/RHEL 6/ RHEL 7 server. You can proceed to read the example usage of tcpdump in this article.
How to Install tcpdump on CentOS / RHEL
1. Run any tcpdump command to check whether tcpdump installed or not :
[root@centos62 ~]# tcpdump -D -bash: tcpdump: command not found
2. To install tcpdump, simply run the following command :
[root@centos62 ~]# yum install tcpdump -y
3. Show available interface that can be monitor :
# tcpdump -D 1.eth0 2.usbmon1 (USB bus number 1) 3.usbmon2 (USB bus number 2) 4.any (Pseudo-device that captures on all interfaces) 5.lo
4. Check tcpdump version in CentOS 6.7
# tcpdump --version
tcpdump version 4.1-PRE-CVS_2015_07_23
libpcap version 1.4.0
Usage: tcpdump [-aAdDefhIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -P in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
5. Check tcpdump version in CentOS 7.1
# tcpdump --version
tcpdump: invalid option -- '-'
tcpdump version 4.5.1
libpcap version 1.5.3
Usage: tcpdump [-aAbdDefhHIJKlLnNOpqRStuUvxX] [ -B size ] [ -c count ]
[ -C file_size ] [ -E algo:secret ] [ -F file ] [ -G seconds ]
[ -i interface ] [ -j tstamptype ] [ -M secret ]
[ -P in|out|inout ]
[ -r file ] [ -s snaplen ] [ -T type ] [ -V file ] [ -w file ]
[ -W filecount ] [ -y datalinktype ] [ -z command ]
[ -Z user ] [ expression ]
I hope this article gives you some ideas and essential guidance on how to install tcpdump on CentOS 5/CentOS 6/ CentOS 7/RHEL 5/RHEL 6/ RHEL 7.