When capturing packets, you often want to focus on traffic to or from a specific device. You can do this using the host filter in tcpdump. This helps you narrow down your capture to just one IP address, making it easier to analyze relevant traffic.
The host keyword filters packets where either the source or destination matches the given IP.
Basic Syntax
To capture all traffic involving a specific host:
tcpdump host 192.168.1.10This includes both incoming and outgoing packets for that IP.
To limit it further:
tcpdump src host 192.168.1.10Captures only packets from that IP.
tcpdump dst host 192.168.1.10Captures only packets to that IP.
Combine with Other Options
You can also combine with -i, -c, or -nn:
tcpdump -i eth0 -nn host 10.0.0.5This listens on eth0, disables resolution, and filters for traffic involving 10.0.0.5.