Export to a file

tcpdump -i <interface> -s 65535 -w name.pcap


  • -n:  will suppress name resolution of IPs, improving capture performance.
  • -nn: will also suppress protocol lookups
  • -x : Display a hex dump of the packet contents with line numbering.
  • -X : will Produce the friendly printable characters see in the rightmost column of the bottom pane of the Wireshark capture display
  • -s : Define the snaplength (size) of the capture in bytes, by default tcpdump only capture the first 68 bytes of a packet. Use -s 0 to get full length of any packets, unless you are intentionally capturing less
  • -w : write to file a file, in which way we can use it for analyse later. Note that use “>” to redirect the output will not work.


Promiscuous mode

Simply add the -I option to your tcpdump command.