Tcpdump On Windows Review
sudo apt update
sudo apt install tcpdump

| Task | Command (Admin CMD) |
|------|---------------------|
| List interfaces | windump -D |
| Capture 50 packets on iface 2 | windump -i 2 -c 50 |
| Save to file | windump -i 2 -w capture.pcap |
| Read file | windump -r capture.pcap |
| HTTP traffic only | windump -i 2 port 80 |
| No name resolution | windump -n -i 2 |


windump -i 2 -w capture.pcap
windump -i 2 -c 100 -w web_traffic.pcap


| tcpdump | tshark equivalent |
|---------|------------------|
| tcpdump -i eth0 | tshark -i 2 |
| tcpdump -c 5 | tshark -c 5 |
| tcpdump -w file.pcap | tshark -w file.pcap |
| tcpdump -r file.pcap | tshark -r file.pcap |
| tcpdump port 80 | tshark -f "port 80" (capture filter) or tshark -Y "tcp.port==80" (display filter) |