To capture traffic related to a specific network port, tcpdump lets you filter using the port keyword. This is useful when analyzing certain services or protocols like HTTP (port 80) or HTTPS (port 443).
You can also filter based on whether the traffic is incoming to or leaving from a specific port.
Basic Syntax
To capture all traffic involving a specific port:
tcpdump port 80
Captures packets that have port 80 as either their source or their destination port.
To narrow it down:
tcpdump src port 80
Captures only packets whose source port is 80.
tcpdump dst port 80
Captures only packets whose destination port is 80.
Combine with Other Options
You can combine port filters with interfaces, limits, and formatting:
tcpdump -i wlan0 -nn port 443
tcpdump -i eth0 -c 50 -A dst port 80
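The script below is an added example, not part of the original page: it applies the same port, src port and dst port logic to saved tcpdump -nn text output, which helps when reviewing a capture log without re-running the capture. The helper names match_port and count are hypothetical and the sample lines are constructed; the ICMP line shows why a plain text search for ".80" would give a false match on an address ending in .80.

```shell
# Added example: select lines from `tcpdump -nn` text output by port,
# mirroring the port / src port / dst port qualifiers. Sample lines are constructed.
SAMPLE='12:00:00.000001 IP 192.0.2.10.51514 > 198.51.100.5.80: Flags [S], seq 1, win 64240, length 0
12:00:00.000450 IP 198.51.100.5.80 > 192.0.2.10.51514: Flags [S.], seq 9, ack 2, win 65160, length 0
12:00:01.100000 IP 192.0.2.10.51600 > 198.51.100.5.443: Flags [S], seq 5, win 64240, length 0
12:00:01.200000 IP 192.0.2.10.40000 > 203.0.113.7.8080: Flags [S], seq 7, win 64240, length 0
12:00:02.000000 IP6 2001:db8::1.51700 > 2001:db8::2.80: Flags [S], seq 3, win 64800, length 0
12:00:03.000000 IP 192.0.2.10 > 198.51.100.80: ICMP echo request, id 1, seq 1, length 64'

# match_port MODE PORT   (hypothetical helper; MODE is any, src or dst)
# Reads tcpdump -nn lines on stdin and prints the ones the qualifier selects.
match_port() {
    mode=$1 port=$2
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 2 ;; esac
    [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 2; }
    awk -v mode="$mode" -v port="$port" '
        # With -nn an endpoint prints as ADDRESS.PORT. An IPv4 endpoint with a
        # port has five dot-separated parts; four parts means no port (ICMP).
        function portof(proto, ep,    n, a) {
            sub(/:$/, "", ep)
            n = split(ep, a, "[.]")
            if (proto == "IP"  && n != 5) return -1
            if (proto == "IP6" && n < 2)  return -1
            return a[n] + 0
        }
        ($2 == "IP" || $2 == "IP6") && $4 == ">" {
            s = portof($2, $3); d = portof($2, $5)
            if ((mode == "src" && s == port + 0) ||
                (mode == "dst" && d == port + 0) ||
                (mode == "any" && (s == port + 0 || d == port + 0))) print
        }'
}

# count MODE PORT: number of sample lines the qualifier selects.
count() { printf '%s\n' "$SAMPLE" | match_port "$1" "$2" | wc -l | tr -d ' '; }
```

For a real log, pipe the saved output in instead of the sample, for example: match_port dst 80 < capture.txt (capture.txt is a placeholder file name).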