By Samson Tanimawo, PhD
Published May 4, 2026
tcpdump for Network Debugging
tcpdump for incident response.
Capture
tcpdump -i any -nn -w /tmp/cap.pcap writes raw packets to a file instead of decoding them on the terminal. -nn stops tcpdump resolving addresses and ports to names, so the capture host sends no reverse-DNS queries for the attacker's IP and does not stall waiting on them.
tcpdump -i any -nn host 1.2.3.4 captures only traffic to or from that host, decoded to the terminal; add -w to keep it. The trailing expression is a BPF filter, and filtering at capture time keeps the file small and limits how much unrelated sensitive traffic you record.
On Linux, -i any captures in cooked (SLL) mode: Ethernet-layer filters such as ether host are not available, and Wireshark labels the frames as Linux cooked capture. Name the real interface (eth0, ens5, ...) when you need link-layer headers.
Read
tcpdump -nn -r /tmp/cap.pcap reads the file back and decodes it; nothing is put on the wire. Open the same file in Wireshark when you need stream reassembly or protocol dissection beyond tcpdump's one-line summaries.
The same BPF syntax works at read time, so a broad capture can be narrowed after the fact: port 443, src host 1.2.3.4, tcp and not port 22, and so on. Add -tttt for absolute timestamps when building a timeline, and -A or -X to see payload bytes.
Careful in prod
A pcap holds whatever crossed the wire: credentials, session cookies, API keys, personal data. That puts it under whatever handling rules apply to that data (access control, retention, breach notification), so treat the file as sensitive from the moment it is written: capture into a directory only you can read, and filter at capture time rather than recording everything.
Bound every capture before you start it. tcpdump's -G seconds together with -W 1 stops after one time window, -c N stops after N packets, and timeout works when you want the bound enforced outside tcpdump. When the capture is done, copy it to the case store, record a hash, and delete the working copy; a forgotten pcap in /tmp is itself a leak.
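The capture, read-back and cleanup steps above, put together as one script. This is an added example, not code from the original post; the host 1.2.3.4, the 300-second window and the /tmp/ir directory are assumed values, and the function names (capture_cmd, run_capture, read_capture, cleanup_capture) are mine. Only the "run" branch touches the network and needs root or CAP_NET_RAW; the functions themselves can be sourced without side effects.

```shell
#!/bin/sh
# Added example (not from the original page): a time-bounded tcpdump capture for
# incident response, an offline read-back with a filter, and cleanup afterwards.
# Assumed values: host of interest 1.2.3.4, 300-second window, files under /tmp/ir.
# Usage: sh ir-capture.sh run      (capture needs root or CAP_NET_RAW)

# Build the capture command line.  $1 interface, $2 seconds, $3 output file,
# $4 BPF filter.  -nn: no DNS or service-name lookups, so the capture box does
# not send reverse-DNS queries for the suspect IP; -s 0: whole packets;
# -G N -W 1: tcpdump rotates after N seconds and exits after one file, which is
# its own way of time-bounding a capture (-c N would bound by packet count).
capture_cmd() {
  printf 'tcpdump -i %s -nn -s 0 -G %s -W 1 -w %s %s' "$1" "$2" "$3" "$4"
}

# Run the capture into a private directory with a restrictive umask, so the pcap
# (which may hold credentials, cookies, PII) is readable only by the capturing user.
# The filter is passed as one argument; tcpdump joins its trailing args into one expression.
run_capture() {
  dir=$(dirname "$3")
  mkdir -p "$dir" && chmod 700 "$dir"
  ( umask 077; tcpdump -i "$1" -nn -s 0 -G "$2" -W 1 -w "$3" "$4" )
}

# Replay a capture offline.  $1 pcap file; remaining args form a BPF read filter.
# -tttt prints absolute timestamps, which is what a timeline needs.
read_capture() {
  f=$1; shift
  tcpdump -nn -tttt -r "$f" "$@"
}

# Remove capture files once the evidence has been copied to the case store.
# shred overwrites before unlinking where it exists (of limited value on SSDs
# and journaling filesystems, but better than plain rm); fall back to rm.
# Returns 0 only if every file named is gone afterwards.
cleanup_capture() {
  for f in "$@"; do
    if command -v shred >/dev/null 2>&1; then shred -u "$f"; else rm -f "$f"; fi
  done
  for f in "$@"; do [ -e "$f" ] && return 1; done
  return 0
}

case "${1:-}" in
  run)
    out=/tmp/ir/cap-$(date +%Y%m%d-%H%M%S).pcap
    echo "running: $(capture_cmd any 300 "$out" 'host 1.2.3.4 and not port 22')"
    run_capture any 300 "$out" 'host 1.2.3.4 and not port 22'
    # First look: only TLS traffic involving the suspect host.
    read_capture "$out" 'host 1.2.3.4 and port 443' | head -n 20
    # Copy $out to the case store, record its hash, then remove the working copy:
    # sha256sum "$out"; cleanup_capture "$out"
    ;;
esac
```

The capture filter excludes port 22 because the analyst's own SSH session to the box would otherwise dominate the file; adjust it to whatever management traffic you are generating. The hash recorded before deletion is what later lets you show that the copy in the case store is the file that was captured.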