Running tcpdump
In this section, we'll take a look at how to run tcpdump on a Linux system to capture traffic.
If you have a Linux- or Unix-based system (BSD, or whatever it might be) that does not have Wireshark installed and you do not have the option of installing it, or if you simply don't want to spend the time installing Wireshark and just want to do a quick capture, you can do so on almost all of them with tcpdump. This is a very common utility that is installed on almost every *nix-based system out there.
Here we have a newer version of Ubuntu. I've opened a Terminal window, and all you have to do is run tcpdump. It's within the system's PATH, so you don't have to browse for it as we had to for the other tools on Windows. I'll run it with --help. We can see that tcpdump has displayed its help contents, which show us what arguments it accepts:
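As an added example (not from the book), the following POSIX shell helpers wrap the quick capture described above: a bounded capture that stops by itself after a fixed number of packets and writes a pcap file that can later be opened in Wireshark. The interface name, packet count, file names and filter expression are constructed values; running the capture assumes tcpdump is on PATH and the caller has the privileges needed to open the interface (root or CAP_NET_RAW).

```shell
#!/bin/sh
# Quick-capture helpers around tcpdump (added example, not the book's own code).

# Return 0 if tcpdump is on PATH, non-zero otherwise.
have_tcpdump() {
    command -v tcpdump >/dev/null 2>&1
}

# Build the argument list for a bounded capture:
#   -i IFACE   interface to listen on
#   -c COUNT   stop after COUNT packets, so the capture terminates on its own
#   -nn        do not resolve host or port names (no DNS traffic generated by the capture host)
#   -s 0       capture full packets rather than a truncated snaplen (older tcpdump defaults to a short one)
#   -w FILE    write raw packets to a pcap file that Wireshark can open later
# An optional BPF filter (e.g. "port 53") is appended last.
build_capture_args() {
    iface="$1"; count="$2"; outfile="$3"; filter="$4"
    printf '%s' "-i $iface -c $count -nn -s 0 -w $outfile"
    [ -n "$filter" ] && printf ' %s' "$filter"
    printf '\n'
}

# Run the bounded capture; fails clearly if tcpdump is missing (the scenario the text describes).
# Usage: quick_capture eth0 100 quick.pcap 'port 53'
quick_capture() {
    have_tcpdump || { echo "tcpdump not found on PATH" >&2; return 127; }
    # Word-splitting of the built argument list is intended: each flag and filter word becomes one argument.
    # shellcheck disable=SC2046
    tcpdump $(build_capture_args "$@")
}

# Print a saved capture without name resolution, e.g. to review it on a host without Wireshark.
read_capture() {
    have_tcpdump || { echo "tcpdump not found on PATH" >&2; return 127; }
    tcpdump -nn -r "$1"
}
```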
Note: If you want to learn more about tcpdump within the Terminal...