Capture, filter and inspect packets on Linux from the terminal to find what the network is really doing.

24.12.2025 | reading time: 3 min

tcpdump is the command-line microscope for network traffic; it captures and prints packet headers and payload snippets so that the administrator sees actual traffic instead of guessing.

Capture a ping and read it

Try this live capture to see ICMP echo requests and replies:

```
sudo tcpdump -i eth0 icmp -c 4 -nn -vv
tcpdump: listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
IP 192.168.1.100 > 192.168.1.1: ICMP echo request, id 256, seq 1, length 64
IP 192.168.1.1 > 192.168.1.100: ICMP echo reply, id 256, seq 1, length 64
IP 192.168.1.100 > 192.168.1.1: ICMP echo request, id 256, seq 2, length 64
IP 192.168.1.1 > 192.168.1.100: ICMP echo reply, id 256, seq 2, length 64
4 packets captured
4 packets received by filter
0 packets dropped by kernel
```

Filters, files and performance

Use BPF filters like `tcp`, `port 80`, `host 10.0.0.5` or combined expressions to reduce noise. Save captures with `-w` and inspect them later with `-r`. Set the snapshot length with `-s` to capture full payloads, or keep it small so that only the start of each packet is stored, for speed. Add `-nn` to avoid name resolution and `-q` to print less protocol information per line. Run as root for direct interface access, and consider capturing to disk and analyzing afterwards, because printing a long live capture can drop packets under load.

Where tcpdump fits

tcpdump is ideal for quick, scriptable captures and for producing pcap files that other tools consume. For deep protocol decoding use Wireshark, for automated command-line parsing use tshark or Zeek, and for simple pattern matches try ngrep or iptables logging, but begin with tcpdump to validate what actually traverses the NIC.
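A pcap file written with `-w` stores, for every packet, both the captured length and the original length on the wire, so any consumer can tell when the `-s` snapshot length cut a payload short. The following is an added example, not code from the original article: a minimal reader for the classic pcap format (not pcapng), run on a constructed sample built inline; the function names are illustrative.

```python
import struct

# Magic bytes of the classic pcap global header -> struct byte-order prefix
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

def read_pcap(data):
    """Return (snaplen, linktype, records); record = (ts_sec, incl_len, orig_len, bytes)."""
    if len(data) < 24 or data[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    end = PCAP_MAGICS[data[:4]]
    # version major/minor, thiszone, sigfigs, snaplen, link type
    _, _, _, _, snaplen, linktype = struct.unpack(end + "HHiIII", data[4:24])
    records, off = [], 24
    while off < len(data):
        if off + 16 > len(data):
            raise ValueError("truncated record header at offset %d" % off)
        ts_sec, _frac, incl, orig = struct.unpack(end + "IIII", data[off:off + 16])
        if off + 16 + incl > len(data):
            raise ValueError("record at offset %d runs past end of file" % off)
        records.append((ts_sec, incl, orig, data[off + 16:off + 16 + incl]))
        off += 16 + incl
    return snaplen, linktype, records

def truncated(records):
    """Indexes of packets whose captured length is below the on-wire length."""
    return [i for i, (_, incl, orig, _) in enumerate(records) if incl < orig]

def build_sample(snaplen=96):
    """Constructed sample: zero-filled frames of 74 and 1514 bytes, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for ts, size in ((1700000000, 74), (1700000001, 1514)):
        frame = bytes(size)[:snaplen]  # a capture keeps at most snaplen bytes
        out += struct.pack("<IIII", ts, 0, len(frame), size) + frame
    return out

if __name__ == "__main__":
    snaplen, linktype, recs = read_pcap(build_sample())
    print("snaplen=%d linktype=%d packets=%d" % (snaplen, linktype, len(recs)))
    for i in truncated(recs):
        print("packet %d: kept %d of %d bytes" % (i, recs[i][1], recs[i][2]))
```

To check a real capture, pass `read_pcap` the bytes of a file produced with `tcpdump -w`; a non-empty result from `truncated` means the snapshot length was too small for full-payload analysis.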
Final lead

Start capturing small, focused traces and work outward: reproduce the issue, capture, filter and then open the pcap in a GUI if needed. Mastering tcpdump sharpens troubleshooting instincts and prepares for broader Linux networking skills, so consider deepening knowledge and pursuing certifications like CompTIA Linux+ or LPIC-1 with intensive exam preparation at bitsandbytes.academy.