Synopsis | When tcpdump is used with no filters, it captures all traffic and produces a huge amount of output that can make it very difficult to find and analyze the packets you are most interested in. Filters are one of the most powerful features of the tcpdump tool as they allow you to capture only those packets matching the filter. For example, when troubleshooting issues related to a web server you can use filters to capture only the HTTP traffic. Our tcpdump feature uses the Berkeley Packet Filter (BPF) syntax to filter the packets using various matching parameters such as protocols, source and destination IP addresses, ports, and more. In this article, we’ll take a look at some of the most common filters. For a list of all available filters, check the pcap-filter manpage. |
|
---|