84

I am trying to find a way to read multiple ports using tcpdump. Suppose I have two ports, p1 and p2, and I want to read the traffic moving through both ports simultaneously. Is there any way to do it using tcpdump or will I have to use some other tool?

Basically I am running a proxy server which is running on some port. I want to read the traffic moving through this port as well as traffic moving through port 80 (HTTP).

codeforester
mawia
  • 1
    Possible duplicate of [capture network traffic on two different ports simultaneously](http://stackoverflow.com/questions/8309451/capture-network-traffic-on-two-different-ports-simultaneously) – slm May 18 '16 at 17:58

3 Answers

147
```
tcpdump port 80 or port 3128
```

or, alternatively,

```
tcpdump port '(80 or 443)'
```
caf
  • Will all the extra ports apply to the previously defined interface? `eg.: tcpdump -i eth0 port 80 or port 8080 [...]` Or do I have to select it explicitly for each port, like: `tcp -i eth0 port 80 or -i eth0 8080`? Both syntaxes are working, but I'm unsure which one's correct. – Gergely Lukacsy Jul 24 '17 at 14:51
  • 1
    The `-i` option applies to the command as a whole, so you don't need it more than once. – caf Jul 25 '17 at 03:47
60

If you want to filter ports based on a range, then use `portrange`.

E.g:

```
tcpdump -an portrange 1-25
```

Karl
4

You can also select an interface (change `-i any` to `-i en0`, for example) and the communication protocol:

```
tcpdump -i any 'udp port 1812 or tcp port 1813'
```

lucas24007
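
The `port ... or port ...`, `portrange` and `udp port` / `tcp port` forms from the answers above can be combined into one filter generated from a list of ports. This is an added example, not part of any answer: `is_port` and `build_port_filter` are hypothetical helper names, and the spec syntax (`80`, `1-25`, `udp:1812`) is an assumption of this example.

```shell
#!/bin/sh
# Added example: build a single tcpdump filter from port specs, validating
# each spec so that nothing but ports ends up in the filter expression.
# Accepted specs (constructed syntax): 80   1-25   udp:1812   tcp:8000-8100

# Succeeds only for a decimal port 0-65535 without leading zeros
# (rejected to avoid octal/decimal ambiguity in the filter parser).
is_port() {
    case "$1" in
        ""|*[!0-9]*|0?*|??????*) return 1 ;;
    esac
    [ "$1" -le 65535 ]
}

build_port_filter() {
    filter=""
    for spec in "$@"; do
        proto=""; ports="$spec"
        case "$spec" in
            tcp:*|udp:*) proto="${spec%%:*} "; ports="${spec#*:}" ;;
        esac
        case "$ports" in
            *-*) lo="${ports%%-*}"; hi="${ports#*-}"; kw="portrange" ;;
            *)   lo="$ports"; hi="$ports"; kw="port" ;;
        esac
        if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "invalid port spec: $spec" >&2
            return 1
        fi
        # Join terms with "or", as in the first answer.
        filter="${filter:+$filter or }${proto}${kw} ${ports}"
    done
    [ -n "$filter" ] || { echo "no ports given" >&2; return 1; }
    printf '%s\n' "$filter"
}

# Usage (needs capture privileges; -i is given once, as noted in the comments):
#   tcpdump -n -i any "$(build_port_filter 80 3128)"
```

Passing the result as one quoted argument keeps the shell from splitting or globbing the expression before tcpdump sees it.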