7 tcpdump Filters Every Network Engineer Should Know
Stop wasting time on noisy packet captures. In this tutorial, I'm sharing 7 essential tcpdump filters that every network engineer should have in their toolkit. From debugging unencrypted HTTP traffic to troubleshooting TCP handshakes, these commands give you instant visibility.

🚀 What you'll learn:
- Filtering by protocol (HTTP, DNS, ICMP)
- Identifying specific TCP flags like SYN
- Real-world troubleshooting scenarios

This is a practical tcpdump tutorial focused on real-world networking, packet capture, and Linux troubleshooting.

Commands covered:
tcpdump -i any -nn -A port 80
tcpdump -i any -nn port 53
tcpdump -i any -nn icmp
tcpdump -i any -nn udp
tcpdump -i any 'tcp[tcpflags] & tcp-syn != 0'
tcpdump -i any 'tcp[tcpflags] == tcp-syn'
tcpdump -i any greater 1000
tcpdump -i any net 192.168.1.0/24

Timestamps:
0:00 - Introduction to Precise Filtering (setting the stage for why engineers filter)
0:14 - Filter 1: Viewing Hex and ASCII Data (-x) (using the -x flag to see actual packet content)
0:24 - Filter 2: Limiting Packet Count (-c) (how to capture a specific amount, like 30 packets)
0:34 - Filter 3: Filtering by Specific Host (gathering traffic related to a single device)
0:46 - Filter 4: Destination-Based Filtering (isolating traffic heading to a particular target)
0:58 - Filter 5: Port-Specific Captures (80 & 443) (targeting HTTP and HTTPS traffic)
1:07 - Filter 6: Combining IP and Port (a more advanced filter for specific service traffic)
1:19 - Filter 7: Excluding Traffic (Logical Not) (capturing everything except specific ports like SSH)
1:38 - Summary & Next Steps (closing and call to action)

#tcpdump #networkengineering #linux #wireshark #sysadmin #networking #cybersecurity #devops #packetcapture #linuxadmin
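Added example (not from the video or from tcpdump itself): a small Python re-implementation of the matching logic behind four of the filters above, run against constructed IPv4/TCP packets, so the difference between `tcp[tcpflags] & tcp-syn != 0` (any segment carrying SYN, including SYN/ACK) and `tcp[tcpflags] == tcp-syn` (a bare SYN only) is visible. The packets, addresses and ports are made up for the demonstration; checksums are left at zero.

```python
import ipaddress
import struct

# Same bit values tcpdump assigns to the tcp-syn and tcp-ack keywords.
TCP_SYN, TCP_ACK = 0x02, 0x10

def build_ipv4_tcp(src, dst, sport, dport, flags, payload=b""):
    """Construct a minimal IPv4+TCP packet (constructed test data, checksums zero)."""
    # TCP header: sport, dport, seq, ack, data offset (5 words), flags, window, csum, urg
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    total_len = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + tcp + payload

def tcp_flags(pkt):
    """tcp[tcpflags]: the flags byte at offset 13 of the TCP header.
    The TCP header starts after the IPv4 header, whose length comes from IHL."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[ihl + 13]

def syn_set(pkt):
    """'tcp[tcpflags] & tcp-syn != 0': SYN bit set, so SYN and SYN/ACK both match."""
    return tcp_flags(pkt) & TCP_SYN != 0

def syn_only(pkt):
    """'tcp[tcpflags] == tcp-syn': only the SYN bit set, i.e. the first handshake packet."""
    return tcp_flags(pkt) == TCP_SYN

def greater(pkt, n):
    """'greater N' in pcap-filter is len >= N, not strictly greater.
    tcpdump's len also counts the link-layer header, which this constructed packet omits."""
    return len(pkt) >= n

def net_match(pkt, cidr):
    """'net A.B.C.D/M': matches if either the source or destination address is in the network."""
    net = ipaddress.ip_network(cidr)
    src = ipaddress.IPv4Address(pkt[12:16])
    dst = ipaddress.IPv4Address(pkt[16:20])
    return src in net or dst in net

if __name__ == "__main__":
    syn = build_ipv4_tcp("192.168.1.10", "10.0.0.1", 40000, 80, TCP_SYN)
    synack = build_ipv4_tcp("10.0.0.1", "192.168.1.10", 80, 40000, TCP_SYN | TCP_ACK)
    for name, p in (("SYN", syn), ("SYN/ACK", synack)):
        print(name, "syn_set:", syn_set(p), "syn_only:", syn_only(p))
```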