Capturing packages

tcpdumps captures packets also when the ping is not running.Why this behavior?

Ping is a computer network administration software utility used to test the reachability of a host on an Internet but tcp dum allows the user to display TCP /IP and other packets being transmitted or received over a network to which the computer is attached.

Hey ankyy! Please read more about tcpdump to get clear picture of what tcpdump command actually does. Tcpdump captures packets from all the interfaces and not just the packets sent during ping.
Use this for your reference:
Happy coding! :slightly_smiling_face:


  • Like a fish net catch different types of fishes big,small etc, tcpdump is a tool to catch all network requests coming to a computer.

  • Now, there are different type of network requests. For example, website content are usually retrieved by a HTTP request which translates to sending a network packet having data in accordance with the HTTP protocol.

  • Also, common requests like HTTP, SSH use predefined ports(although can be changed). HTTP - 80, FTP - 21, SSH-22, DNS-53

  • Coming to your question why tcpdump is capturing packets even when we are not running packets. It’s because there are other ports open if you check with netstat like 8080 and 2049. 8080 is a popular alternative to port 80 for HTTP and 2049 is for NFS(network file storage). These are the main culprits flooding the tcpdump output.

  • NFS, I think is being used because our workspace data is in cloud and changes we make is being backed up to the cloud periodically.

  • If you want to allow only requests to and from your QBox Server, think/find what all ports are we using?