Utilize TCPDump for Packet Capture

1 hour • 4 Learning Objectives

About this Hands-on Lab

In this hands-on lab, we will learn how to capture network traffic using the `tcpdump` command line tool. We will install and configure `tcpdump` on `Server1` to capture web traffic coming from `Client1`.

**Note**: You must now specify the capture interface with `-i`, because the lab instance has `ens5` instead of `eth0`. By default, tcpdump captures packets on eth0.
```
sudo tcpdump tcp port 80 -i ens5 -w capture.pcap
```

Learning Objectives

Successfully complete this lab by achieving the following learning objectives:

Install Tcpdump

Your first task is to install tcpdump. In the video, I ran the command as root — your command will be slightly different.

  1. Run the following command:
    sudo yum install tcpdump
  2. When prompted, enter the password for cloud_user.

Begin the Packet Capture

Begin the packet capture process. Apply a capture filter so that tcpdump records only web traffic (TCP port 80) and writes it to capture.pcap:

```
sudo tcpdump tcp port 80 -i ens5 -w capture.pcap
```

Generate Traffic

Because this isn’t a public web server, you need to generate traffic from Client1 (10.0.1.11) to Server1 (10.0.1.10). This should be completed while the capture is running. I just ran curl on the headers of Server1 in the Solution video, which can be completed by running the following command from Client1 a few times:

```
curl -I 10.0.1.10
```

Cancel the Capture and View the Results

  1. After some traffic has been generated, cancel the running capture and view the file:
    sudo tcpdump -r capture.pcap
  2. Move the file to /root/ if it’s not there already:
    sudo mv capture.pcap /root/capture.pcap
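As an added example that is not part of the lab, the following Python reads a capture.pcap file written by tcpdump and checks two things a troubleshooter wants to know before sending the file on: that the `tcp port 80` capture filter did its job (no stray packets), and how many separate curl connections Client1 (10.0.1.11) opened to Server1 (10.0.1.10). The packets are constructed inline so it runs offline; it assumes the Ethernet link type tcpdump uses on `ens5`, and the helper names (`iter_tcp`, `check_filter`, `count_requests`) are mine, not tcpdump's.

```python
import struct

def _pkt(src, dst, sport, dport, flags=0x02):
    """Build a bare Ethernet/IPv4/TCP frame (dummy MACs, checksums left zero)."""
    eth = b"\x00" * 12 + b"\x08\x00"                     # EtherType 0x0800 = IPv4
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 5 << 4, flags, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    return eth + ip + tcp

def build_pcap(frames, linktype=1):
    """Serialize (timestamp, frame) pairs into a little-endian libpcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, linktype)
    for ts, data in frames:
        out += struct.pack("<IIII", ts, 0, len(data), len(data)) + data
    return out

# Constructed sample, not a real lab capture: two curl SYNs, one SYN/ACK, one stray SSH SYN.
SAMPLE_PCAP = build_pcap([
    (1700000000, _pkt("10.0.1.11", "10.0.1.10", 40001, 80)),        # SYN
    (1700000000, _pkt("10.0.1.10", "10.0.1.11", 80, 40001, 0x12)),  # SYN/ACK
    (1700000002, _pkt("10.0.1.11", "10.0.1.10", 40002, 80)),        # SYN
    (1700000003, _pkt("10.0.1.11", "10.0.1.10", 40003, 22)),        # SYN to sshd
])

def iter_tcp(pcap_bytes):
    """Yield (src, dst, sport, dport, tcp_flags) for each IPv4/TCP frame in a pcap."""
    endian = "<" if pcap_bytes[3] == 0xA1 else ">"       # magic ends in A1 when little-endian
    off = 24                                              # skip the global header
    while off + 16 <= len(pcap_bytes):
        _, _, incl, _ = struct.unpack(endian + "IIII", pcap_bytes[off:off + 16])
        frame = pcap_bytes[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                      # not IPv4/TCP over Ethernet
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]         # skip IP header (IHL words)
        if len(tcp) < 14:
            continue                                      # truncated TCP header
        sport, dport = struct.unpack("!HH", tcp[:4])
        yield (".".join(map(str, frame[26:30])), ".".join(map(str, frame[30:34])),
               sport, dport, tcp[13])

def check_filter(pcap_bytes, port=80):
    """Return (matching, stray): packets that do / do not involve `port`."""
    hits = [port in (p[2], p[3]) for p in iter_tcp(pcap_bytes)]
    return sum(hits), len(hits) - sum(hits)

def count_requests(pcap_bytes, client="10.0.1.11", server="10.0.1.10", port=80):
    """Count new connections (SYN set, ACK clear) from client to server:port."""
    return sum(1 for s, d, _, dp, fl in iter_tcp(pcap_bytes)
               if s == client and d == server and dp == port and (fl & 0x12) == 0x02)
```

On the lab's own file, `check_filter(open("capture.pcap", "rb").read())` should report zero stray packets, and `count_requests` should equal the number of times `curl -I` was run.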

Additional Resources

You have been tasked with capturing network traffic coming to our web server (Server1) to troubleshoot network latency issues. You are to capture the web traffic over port 80 from Client1 and record the results in a file called capture.pcap.

Note: In the lab video, the trainer works under the root account. To elevate your privileges when using the cloud_user account, use the sudo command.
