[KB7449] Use tcpdump to perform a packet capture for Linux

Solution

  1. To use tcpdump to make a packet capture, you need the following:
    • Which interface (eth1, eth2, etc.) to capture traffic from
    • A userid that can access the interface (usually root)
    • A temporary directory to store the packet captures (usually /tmp)

  2. As the userid with access to the device (root), cd to the temporary directory and make a subdirectory.
    • # cd /tmp
    • # mkdir pc
    • # cd pc

  3. To make a one-minute capture of eth1, start the capture with the following command:
    • # tcpdump -n -nn -N -s 0 -i eth1 -w eth1.pcap
    tcpdump confirms that it is capturing with a line like the following (this is output, not a command to type):
    • tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes

  4. As an alternative, you can run the following command line as user root, which will stop automatically after 60 seconds.
    • # mkdir -p /tmp/cd ; tcpdump -n -nn -N -s 0 -i eth1 -w /tmp/cd/eth1.pcap & pid=$! ; sleep 60 ; kill -1 $pid
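The one-liner in step 4 works, but when a capture is being collected for a support case it helps to wrap the same steps in a small script that stops tcpdump cleanly and then checks that the output file really is a pcap before it is sent anywhere. The script below is an added example and is not part of the ESET article; it keeps the article's tcpdump options (`-n -nn -N -s 0 -i <iface> -w <file>`), takes the interface, duration and output path as parameters, and adds a `pcap_header_ok` check that looks at the file's first four bytes for the libpcap magic number (either byte order, microsecond or nanosecond timestamps). It uses SIGTERM instead of the article's SIGHUP to stop tcpdump; tcpdump handles both the same way, flushing its buffer and closing the file. It must be run as root (or a user allowed to open the interface), and the sample file written in the usage comment is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not from the ESET KB article: timed tcpdump capture with a
# sanity check on the resulting file. Assumes tcpdump is installed and that
# the caller may open the capture interface (normally root).

# pcap_header_ok FILE
# Returns 0 if FILE starts with a classic libpcap magic number, 1 otherwise.
# Accepted magics: a1b2c3d4 / d4c3b2a1 (microsecond timestamps, big/little
# endian) and a1b23c4d / 4d3cb2a1 (nanosecond timestamps).
pcap_header_ok() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n' || true)
    case "$magic" in
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) return 0 ;;
        *) return 1 ;;
    esac
}

# timed_capture IFACE SECONDS OUTFILE
# Starts tcpdump in the background with the article's options, waits the
# requested number of seconds, then sends SIGTERM so tcpdump flushes and
# closes OUTFILE. Returns 0 only if the file has a valid pcap header.
timed_capture() {
    iface=$1
    secs=$2
    out=$3
    mkdir -p "$(dirname "$out")"
    tcpdump -n -nn -N -s 0 -i "$iface" -w "$out" &
    pid=$!
    sleep "$secs"
    kill -TERM "$pid" 2>/dev/null
    # wait returns tcpdump's (non-zero) status after the signal; ignore it
    wait "$pid" 2>/dev/null || true
    pcap_header_ok "$out"
}

# Usage (as root), equivalent to the article's 60-second capture of eth1:
#   timed_capture eth1 60 /tmp/pc/eth1.pcap && echo "capture ok"
# A quick look at the first packets afterwards:
#   tcpdump -n -r /tmp/pc/eth1.pcap -c 5
```

The header check is deliberately cheap: it catches the common failure modes (tcpdump never started because the interface name was wrong or the user lacked permission, so the file is empty or missing) without needing any capture tooling on the machine that performs the check.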
