Tools like tcpdump or Wireshark are most often used for this.
We have to use specific software or methods to read these files. Since pcap is a format for network traffic capture file it is not human-readable. Sudo tcpdump -w my_filename.pcap Example 8: Reading a. pcap (Packate Capture) file you can use -w option where w means to write. 16:52:36.505399 IP 172.16.8.183.45736 > : Flags, ack 253, win 2500, options, length 0 Example 6: Save captured packetsīy default, tcpdump will print the output on the screen. With the use of -tttt option, you can convert the timestamp in a human-readable format.
I don’t know whether you notice or not, but the timestamps in all the above output are not human readable. With the use of option -A, we can print each packet in ASCII format. With the use of command option -c, we can specify the number of packets we want to capture with tcpdump.
Listening on enp0s3, link-type EN10MB (Ethernet), capture size 262144 bytes Example 3: Limit number of packets capture
Tcpdump: verbose output suppressed, use -v or -vv for full protocol decode You can provide the interface name or interface number which we get in the previous command output. By default tcpdump searches for the lowered number interface in the system interface list. With the use of option -i, we can capture network packets on a specific network interface. See the below command and its example output.Ģ.any (Pseudo-device that captures on all interfaces) Ĥ.nflog (Linux netfilter log (NFLOG) interface)ĥ.nfqueue (Linux netfilter queue (NFQUEUE) interface)ħ.usbmon2 (USB bus number 2) Example 2: Capture traffic from a specific interface Network interfaces with there name and a number are printed by this option. With option -D, we can print the list of available network interfaces on which tcpdump can capture traffic. Practical tcpdump examples Example 1: List all available interfaces
If you have a different OS, you can download it from its Official Website.