tcpdump is a command-line packet capture tool used for network monitoring and for debugging network and server problems. It prints a one-line description of every packet seen on a network interface that matches a BPF filter expression, and with -w it writes the raw packets to a capture file instead, so they can be analysed later in Wireshark. The filter can restrict the capture to a single port, which is the quickest way to watch the traffic of one service.
Run the command below to install tcpdump on Ubuntu
sudo apt-get install tcpdump
Assume that you want to capture all traffic to and from port 80. Run the command below to take the dump (capturing needs root, hence sudo)
sudo tcpdump -i any -w dump-file.pcap port 80
Stop the capture with Ctrl + C, otherwise it runs until the disk fills up. If you want a bounded capture, add -c <count> to stop after a number of packets, or -G <seconds> -W 1 to stop after a time limit.
The command above listens on every interface (-i any) for incoming and outgoing packets whose source or destination port is 80 and writes them, unparsed, to dump-file.pcap. Two caveats: the filter "port 80" matches both TCP and UDP on either end of the connection, so use "tcp port 80" if you only want TCP; and on Linux "-i any" records packets in the cooked-capture format (LINUX_SLL) rather than Ethernet, so Wireshark will not show MAC addresses for them. If you need the Ethernet headers, capture on a named interface such as -i eth0 instead.
Once you have the file, you can open it in Wireshark to inspect the packets
Run the command below to install Wireshark on Ubuntu (the installer asks whether non-superusers should be allowed to capture; answer as your policy dictates, since opening an existing capture file does not need root)
sudo apt-get install wireshark
Then open the capture file by running the command below
wireshark dump-file.pcap
This opens the Wireshark UI with the captured traffic listed. Right-click any packet and choose "Follow TCP stream" to see the complete conversation reassembled in order. For plain HTTP on port 80 this shows the request and response text; for TLS traffic you would only see ciphertext, since Wireshark cannot decrypt it without the session keys.
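Before handing a capture to Wireshark it is worth knowing what tcpdump actually wrote, and being able to check a capture without a GUI (for example on the server itself). The following Python script, an added example that is not part of the original tutorial, parses the classic libpcap format that "tcpdump -w" produces: the 24-byte global header, then one 16-byte record header per packet followed by the raw frame. It strips the link-layer header (Ethernet, or the LINUX_SLL cooked header written by -i any), decodes the IPv4 and TCP/UDP headers, and reports which packets the "port 80" filter would have kept and the flows they belong to. The sample capture it builds when run without arguments is constructed in memory (documentation addresses, zero checksums) and is an assumption of the example, not data from the page; point it at your own dump-file.pcap to inspect a real capture.

```python
import socket
import struct

# Link-layer types we decode. `tcpdump -i any` on Linux writes LINUX_SLL
# (cooked capture), not Ethernet, which is why Wireshark shows no MAC addresses.
LINKTYPE_ETHERNET = 1
LINKTYPE_LINUX_SLL = 113
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17


def parse_pcap(data):
    """Parse a classic libpcap file (what `tcpdump -w` writes by default).

    Returns (linktype, records); each record is (timestamp, frame_bytes).
    Raises ValueError for pcapng or truncated input instead of guessing.
    """
    if len(data) < 24:
        raise ValueError("file shorter than the 24-byte pcap global header")
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":      # 0xA1B2C3D4 little-endian, microsecond timestamps
        endian, ts_div = "<", 1e6
    elif magic == b"\xa1\xb2\xc3\xd4":    # same magic from a big-endian writer
        endian, ts_div = ">", 1e6
    elif magic == b"\x4d\x3c\xb2\xa1":    # 0xA1B23C4D: tcpdump --time-stamp-precision=nano
        endian, ts_div = "<", 1e9
    else:
        raise ValueError("not a classic pcap (pcapng starts with 0A 0D 0D 0A): %r" % magic)
    _magic, _vmaj, _vmin, _tz, _sig, snaplen, linktype = struct.unpack_from(endian + "IHHiIII", data, 0)
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack_from(endian + "IIII", data, off)
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated packet record at offset %d" % (off - 16))
        records.append((ts_sec + ts_frac / ts_div, data[off:off + incl_len]))
        off += incl_len
    return linktype, records


def decode_frame(linktype, frame):
    """Strip the link-layer header and decode IPv4 addresses plus TCP/UDP ports.

    Returns a dict, or None for frames we do not decode (ARP, IPv6, ...).
    """
    if linktype == LINKTYPE_ETHERNET:          # dst MAC(6) src MAC(6) ethertype(2)
        if len(frame) < 14:
            return None
        ethertype, l3 = struct.unpack_from("!H", frame, 12)[0], frame[14:]
    elif linktype == LINKTYPE_LINUX_SLL:       # type(2) arphrd(2) addrlen(2) addr(8) proto(2)
        if len(frame) < 16:
            return None
        ethertype, l3 = struct.unpack_from("!H", frame, 14)[0], frame[16:]
    else:
        raise ValueError("unsupported linktype %d" % linktype)
    if ethertype != ETHERTYPE_IPV4 or len(l3) < 20 or l3[0] >> 4 != 4:
        return None
    ihl, proto = (l3[0] & 0x0F) * 4, l3[9]
    src, dst = socket.inet_ntoa(l3[12:16]), socket.inet_ntoa(l3[16:20])
    pkt = {"src": src, "dst": dst, "proto": proto, "sport": None, "dport": None}
    l4 = l3[ihl:]
    if proto in (IPPROTO_TCP, IPPROTO_UDP) and len(l4) >= 4:   # ports sit at the same offset in both
        pkt["sport"], pkt["dport"] = struct.unpack_from("!HH", l4, 0)
    return pkt


def matches_port(pkt, port):
    """Same semantics as the BPF primitive `port N`: either endpoint of a TCP/UDP packet."""
    return pkt is not None and port in (pkt["sport"], pkt["dport"])


def summarize(data, port=80):
    """Count what tcpdump's `port N` filter keeps and list the flows (proto, src, sport, dst, dport)."""
    linktype, records = parse_pcap(data)
    kept, flows = 0, set()
    for _ts, frame in records:
        pkt = decode_frame(linktype, frame)
        if matches_port(pkt, port):
            kept += 1
            flows.add((pkt["proto"], pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
    return {"linktype": linktype, "packets": len(records), "matching": kept, "flows": sorted(flows)}


def _ipv4_tcp(src, dst, sport, dport, payload=b""):
    # Constructed packet for the sample; checksums stay zero because only headers are parsed.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, 64, IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp


def _sll(l3):
    # Linux cooked header: packet type, ARPHRD_ETHER, address length, 8-byte address, protocol.
    return struct.pack("!HHH8sH", 0, 1, 6, b"\x02\x00\x00\x00\x00\x01", ETHERTYPE_IPV4) + l3


def build_sample_capture():
    """Constructed capture shaped like `tcpdump -i any -w ...` output (LINUX_SLL framing).

    A port 443 packet is included to show what the `port 80` filter would have dropped.
    """
    frames = [
        _sll(_ipv4_tcp("192.0.2.10", "198.51.100.5", 54321, 80, b"GET / HTTP/1.1\r\n\r\n")),
        _sll(_ipv4_tcp("198.51.100.5", "192.0.2.10", 80, 54321, b"HTTP/1.1 200 OK\r\n\r\n")),
        _sll(_ipv4_tcp("192.0.2.10", "198.51.100.5", 54322, 443)),
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, LINKTYPE_LINUX_SLL)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(frame), len(frame)) + frame
    return out


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_capture()
    print(summarize(data))
```

Run it as "python3 pcapcheck.py dump-file.pcap" on a real capture; a linktype of 113 confirms the file came from "-i any", and a "matching" count equal to "packets" confirms the port filter was applied at capture time. If it reports that the file is not a classic pcap, it was written by Wireshark or dumpcap (pcapng), which this parser deliberately does not handle.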