Capture Traffic By An IP Address Or A Network
tcpdump can filter traffic by IP address or by network. Examples below.
Capture Traffic by an IP Address
To capture traffic for an IP address, use the host argument.
$ sudo tcpdump host 1.1.1.1
This captures both outgoing and incoming traffic for an IP address, 1.1.1.1 in the example above.
Capture Traffic from one direction
If you only want to capture traffic from one direction, use the src or dst argument.
$ sudo tcpdump src 1.1.1.1
$ sudo tcpdump dst 1.1.1.1
Capture Traffic by a Network
To capture traffic from a network or subnet, use the net argument.
$ sudo tcpdump net 1.2.3.0/24
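To check what each filter will select before running a capture, the added example below (not from the original page) models the four primitives shown above over constructed (source, destination) pairs. The names compile_filter, matches and PACKETS are hypothetical; the strict network check mirrors tcpdump rejecting a net value that has host bits set.

```python
import ipaddress

# Constructed sample packets as (source, destination); not from a real capture.
PACKETS = [
    ("10.0.0.5", "1.1.1.1"),    # outgoing to 1.1.1.1
    ("1.1.1.1", "10.0.0.5"),    # incoming from 1.1.1.1
    ("10.0.0.5", "1.2.3.77"),   # outgoing into 1.2.3.0/24
    ("1.2.3.200", "10.0.0.5"),  # incoming from 1.2.3.0/24
    ("10.0.0.5", "8.8.8.8"),    # unrelated traffic
]


def compile_filter(expr):
    """Turn 'host A', 'src A', 'dst A' or 'net N/len' into a predicate.

    Hypothetical helper: models only the four primitives on this page,
    not the full tcpdump filter grammar.
    """
    parts = expr.split()
    if len(parts) != 2:
        raise ValueError("expected '<keyword> <address>': %r" % expr)
    keyword, value = parts

    if keyword == "net":
        # strict=True raises ValueError for host bits set (e.g. 1.2.3.4/24).
        network = ipaddress.ip_network(value, strict=True)
        # net matches when either end of the packet is inside the subnet.
        return lambda src, dst: (ipaddress.ip_address(src) in network
                                 or ipaddress.ip_address(dst) in network)

    addr = ipaddress.ip_address(value)
    if keyword == "host":
        # host matches both directions.
        return lambda src, dst: addr in (ipaddress.ip_address(src),
                                         ipaddress.ip_address(dst))
    if keyword == "src":
        return lambda src, dst: ipaddress.ip_address(src) == addr
    if keyword == "dst":
        return lambda src, dst: ipaddress.ip_address(dst) == addr
    raise ValueError("unsupported keyword: %r" % keyword)


def matches(expr, packets=PACKETS):
    """Return the packets that the filter expression would select."""
    predicate = compile_filter(expr)
    return [p for p in packets if predicate(*p)]


if __name__ == "__main__":
    for expr in ("host 1.1.1.1", "src 1.1.1.1", "dst 1.1.1.1", "net 1.2.3.0/24"):
        print(expr, "->", matches(expr))
```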
Source: Danielmiessler