Code-Memo

Packet analysis (tcpdump, Wireshark)

tcpdump (CLI capture)

List interfaces:

tcpdump -D

Capture on an interface:

sudo tcpdump -i eth0 -nn

Filter examples:

sudo tcpdump -i eth0 -nn host 1.1.1.1
sudo tcpdump -i eth0 -nn port 53
sudo tcpdump -i eth0 -nn tcp and port 443
sudo tcpdump -i eth0 -nn 'icmp or icmp6'

Write to pcap:

sudo tcpdump -i eth0 -nn -w capture.pcap

Wireshark (GUI)

Workflow:

• Capture locally or open a .pcap
• Apply display filters (e.g., dns, tcp.port == 443)
• Follow streams to inspect application payload (when not encrypted)

Tips

• Use -nn to avoid slow DNS/service-name lookups
• Be mindful of sensitive data in packet captures

Related

• Network troubleshooting