Using tcpdump to capture network traffic on the command line

Looking at low-level network traffic is often useful for diagnosing application or system problems.

This is easy to do in modern browsers using the devtools network capture widgets and extensions such as Postman, but sometimes you need to diagnose traffic between servers in a live application, where you cannot make the requests yourself from your browser. In these cases, tcpdump shines.

This article will cover how to use tcpdump to diagnose non-encrypted traffic. For encrypted traffic, ssldump can be used provided you have access to the private key used to encrypt the traffic.

To listen for traffic and write to stdout, the snippet is:

tcpdump -i any -s 65535 -n -A expression
  • -i The interface id to listen on (run tcpdump -D to get a list of available interfaces, or just use the keyword “any” to listen on all network interfaces)
  • -n Don’t convert host addresses to names (avoids DNS resolution, which makes things faster)
  • -A Print packets in ASCII, excluding link-level headers. Use -X for both hex and ASCII printout.
  • -s By default tcpdump only captures the first 68 bytes of each packet. This option allows you to specify how much of each packet to capture. The maximum IP packet size is 65535.

See man pcap-filter for a full description of ‘expression’

Examples include:

tcpdump -i 11 -n -A -s 65535 port 80
tcpdump -i 11 -n -A -s 65535 dst host

Other useful flags:

  • -w write packets to a file which can later be replayed
  • -r read packets written with -w


tcpdump -i any -n -A -s 65535 -w network_traffic.capture
tcpdump -n -r network_traffic.capture -A port 80

The examples above will get you started, but for more detail, check the man pages and cheat sheet:

Happy sniffing!


winetricks fails when installing vcrun2010

You run
winetricks vcrun2010

But get the message:

Using native,builtin override for following DLLs: msvcr100
Executing early_wine regedit c:\winetrickstmp\override-dll.reg
Executing wget -O msxml3.msi -nd -c --read-timeout=300 --retry-connrefused --header Accept-Encoding: gzip,deflate
--2011-03-12 23:10:19--
Connecting to||:80... connected.
HTTP request sent, awaiting response... 404 Not Found
2011-03-12 23:10:20 ERROR 404: Not Found.

Note: command 'wget -O msxml3.msi -nd -c --read-timeout=300 --retry-connrefused --header Accept-Encoding: gzip,deflate' returned status 8. Aborting.
vcrun2010 failed

The VC2010 runtime redistributable setup needs to load msxml3. winetricks tries to download it from a location on the website where it is no longer available. Instead, search the web for the file “msxml3.msi” and edit winetricks to point to it, e.g.:

vi winetricks

Find the load_msxml3 function, and replace the download location:


w_download msxml3 d4c2178dfb807e1a0267fce0fd06b8d51106d913


w_download msxml3
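
The original w_download line above carries a 40-hex-digit SHA-1, which winetricks uses to check the download; a copy of msxml3.msi found through a web search should match that same value before winetricks is pointed at it. The script below is an added example, not part of winetricks or of the original post; the function names sha1_of and verify_sha1 and the saved file path are assumptions.

```shell
#!/bin/sh
# Added example: check a downloaded installer against a known SHA-1 before use.
# EXPECTED_SHA1 is the value shown on the original w_download line above.
EXPECTED_SHA1=d4c2178dfb807e1a0267fce0fd06b8d51106d913

# sha1_of FILE: print the SHA-1 of FILE using whichever tool is installed.
# The file is fed on stdin so unusual file names cannot alter the output format.
sha1_of() {
    if command -v sha1sum >/dev/null 2>&1; then
        sha1sum < "$1" | cut -d' ' -f1
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 1 < "$1" | cut -d' ' -f1
    else
        openssl dgst -sha1 -r < "$1" | cut -d' ' -f1
    fi
}

# verify_sha1 FILE EXPECTED: return 0 on match, 1 on mismatch, 2 if unreadable.
# (Hypothetical helper name; comparison is case-insensitive.)
verify_sha1() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(sha1_of "$file" | tr 'A-F' 'a-f')
    if [ "$actual" = "$expected" ]; then
        echo "OK   $file"
        return 0
    fi
    echo "FAIL $file: got $actual, expected $expected" >&2
    return 1
}

# Usage: sh verify.sh ./msxml3.msi   (the path is wherever you saved the file)
if [ -n "${1:-}" ]; then
    verify_sha1 "$1" "$EXPECTED_SHA1" || exit 1
fi
```

If the file matches, the hash can stay on the edited w_download line so winetricks keeps checking the download itself.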
