How to capture network traffic using tcpdump?

Document ID : KB000094804
Last Modified Date : 04/05/2018
Show Technical Document Details
Introduction:
This document describes one option to capture the network traffic using tcpdump command in a Linux environment.
Question:
How to capture network traffic using tcpdump?
Answer:
Here is a sample tcpdump command used to capture network traffic with your Linux system:
# tcpdump -i <interface> -s 65535 -w mypcap.pcap 

-i is for the network interface it will listen and capture the traffic. The default is eth0 if this option is not specified.
-s will set the capture byte to its maximum i.e. 65535.
-w will create the pcap file named mypcap.pcap.

With the command above you will be able to save the traffic to a pcap file and then open it with Wireshark and filter the traffic as needed.
Additional Information:
For more information regarding TCPDUMP:
https://www.tcpdump.org/tcpdump_man.html