This program allows you to dump the traffic on a network. tcpdump is able to
examine IPv4, ICMPv4, IPv6, ICMPv6, UDP, TCP, SNMP, AFS BGP, RIP, PIM, DVMRP,
IGMP, SMB, OSPF, NFS and many other packet types.
It can be used to print out the headers of packets on a network interface,
filter packets that match a certain expression. You can use this tool to track
down network problems, to detect attacks or to monitor network activities.
This snap is not maintained by https://www.tcpdump.org/ and instead packages
the deb of tcpdump from the Ubuntu archive as a snap. Please see the developer
website (below) for details.
Usage
$ sudo tcpdump
tcpdump will drop privileges to the snap_daemon user and group by default. To write out captures, the /var/snap/tcpdump/common/captures directory is created with snap_daemon ownership. Eg:
$ sudo tcpdump -w /var/snap/tcpdump/common/captures/my.pcap
If you prefer, you may use '-Z root' to prevent dropping privileges and then write out anywhere in the snap's writable areas.
If want to save pcap files to $HOME or /media, optionally:
$ sudo snap connect tcpdump:home
$ sudo snap connect tcpdump:removable-media
In these cases, you will need to create a directory that snap_daemon can write to. Eg:
$ mkdir -m 770 $HOME/captures
$ sudo chown root:snap-daemon $HOME/captures
$ sudo tcpdump -w $HOME/captures/my.pcap
Integration with other snaps
This snap exports the /var/snap/tcpdump/common/captures as a writable area via the content interface. Other snaps may specify in their snap.yaml:
plugs:
captures:
interface: content
target: $SNAP_DATA/tcpdump-captures
Then when install that snap:
$ sudo snap connect <yoursnap>:captures tcpdump:captures