Tcpdump Basic Packet Capture Checklist for VPS Troubleshooting

admin, June 18, 2026


tcpdump lets system admins observe network packets on a server. It is useful when logs are not enough and you need to confirm whether traffic reaches the VPS, which port receives the packets, or whether a service actually responds.

Core principle

Packet capture is evidence at the network layer. Use it carefully, capture only what you need and avoid exposing sensitive data.

Checklist

  1. Define the exact question before capturing.
  2. Choose the network interface.
  3. Limit capture by host, port or protocol.
  4. Capture briefly.
  5. Avoid capturing sensitive payloads when possible.
  6. Check whether packets reach the server.
  7. Check whether responses leave the server.
  8. Compare packet evidence with firewall and service status.
  9. Save capture only if needed.
  10. Delete sensitive captures after analysis.
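The checklist above as a runnable script (an added example, not from the original page): a narrow filter with -n and a packet cap, inbound and outbound counts taken from the capture, a verdict that points to the next check, and deletion of the capture file afterwards. The interface name, the VPS's own IP, the service port and the sample packet lines are assumed or constructed.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed inputs: interface, the VPS's own IP,
# the service port and (optionally) one remote host to narrow the filter further.

# Step 3: build a narrow capture command (host and port filter, no DNS lookups, packet cap).
build_capture_cmd() {
  filter="tcp port $2"
  if [ -n "$3" ]; then filter="host $3 and $filter"; fi
  printf 'sudo tcpdump -i %s -n -c %s %s\n' "$1" "${4:-50}" "$filter"
}

# Steps 6 and 7: count packets addressed to the service (inbound) vs sent by it (outbound)
# from tcpdump -n text lines of the form "time IP src.port > dst.port: Flags ...".
classify_lines() {
  awk -v ip="$1" -v port="$2" '
    $2 == "IP" && $4 == ">" {
      split($3, s, "."); src = s[1] "." s[2] "." s[3] "." s[4]; sp = s[5]
      split($5, d, "."); dst = d[1] "." d[2] "." d[3] "." d[4]; sub(/:$/, "", d[5]); dp = d[5]
      if (dst == ip && dp == port) inb++
      else if (src == ip && sp == port) outb++
    }
    END { printf "%d %d\n", inb + 0, outb + 0 }'
}

# Step 8: turn the two counts into the next evidence-based check.
verdict() {
  if [ "$1" -eq 0 ]; then echo "no-inbound"      # nothing arrives: upstream routing or cloud firewall
  elif [ "$2" -eq 0 ]; then echo "no-response"   # arrives but no reply: host firewall, listener, service
  else echo "ok"; fi                             # network path works; look at the application layer
}

# Steps 4, 9 and 10: brief live capture (timeout plus packet cap), analysed and then deleted.
reachability_check() {
  tmp=$(mktemp)
  sudo timeout 20 tcpdump -i "$1" -n -c 50 "tcp port $3" > "$tmp" 2>/dev/null || true
  counts=$(classify_lines "$2" "$3" < "$tmp")
  rm -f "$tmp"
  verdict $counts
}

# Constructed sample of tcpdump -n output (documentation addresses), used for offline checks.
SAMPLE_CAPTURE='12:00:01.000001 IP 198.51.100.7.51234 > 203.0.113.10.443: Flags [S], seq 1, win 64240, length 0
12:00:01.000200 IP 203.0.113.10.443 > 198.51.100.7.51234: Flags [S.], seq 2, ack 2, win 65160, length 0
12:00:01.000300 IP 198.51.100.7.51234 > 203.0.113.10.443: Flags [.], ack 1, win 502, length 0'

# Usage on the VPS: sh tcpdump_check.sh run eth0 203.0.113.10 443
if [ "${1:-}" = "run" ]; then reachability_check "$2" "$3" "$4"; fi
```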

Reusable lesson

tcpdump applies to firewall debugging, DNS issues, webhook delivery, API connectivity, reverse proxy problems, database network checks and cloud routing troubleshooting.

Checklist Type: Log Analysis
Level: Advanced
Risk Level: High Risk
Estimated Time: 30–90 minutes

When to Use This Checklist

Use this checklist when you need network-layer evidence for traffic, firewall, webhook, API, DNS, reverse proxy or connectivity problems on your own server.

Required Tools

SSH access, sudo access, tcpdump, target host or port, incident time, permission to inspect the server network

Before You Start

Only capture traffic on systems you own or are authorized to administer. Packet captures may contain sensitive data.

Verification Steps

  1. Capture scope is limited.
  2. Traffic reachability is confirmed or ruled out.
  3. Firewall or service layer is clearer.
  4. No unnecessary sensitive capture is kept.
  5. Next debugging step is evidence-based.

Rollback Plan

If packet capture shows traffic reaches the server but the app does not respond, stop changing network settings and inspect firewall, listening ports and service logs.

Common Mistakes

  • Capturing everything for too long.
  • Ignoring sensitive data risk.
  • No clear debugging question.
  • Using tcpdump before basic curl and ss checks.
  • Saving captures without cleanup.

Related Commands

sudo tcpdump -i any port 443 -c 50        # 50 packets on port 443 across all interfaces
sudo tcpdump -i any host 1.2.3.4 -c 50    # 50 packets to or from one host
sudo tcpdump -i any tcp port 80 -n -c 50  # 50 TCP packets on port 80, -n skips name resolution
sudo ss -tulpn                            # listening TCP/UDP sockets and the processes that own them
sudo ufw status numbered                  # host firewall rules with their rule numbers


