tcpdump is a command-line packet sniffing and protocol analyzer tool writtin in C/C++. It captures live RX/TX packets on a network interface in promiscuous mode, and displays the content of the packets in a human-readable format in real time. tcpdump can write captured raw packets to a file, which then can be loaded later by tcpdump for offline analysis. The underlying packet capture library (libpcap for Linux/Unix, and WinPcap for Windows) can selectively capture packets based on filtering rules expressed in BPF (berkely packet filter). The BPF-based filter can capture packets with specific source/destination IP addresses/prefixes, protocols (IP/ICMP/UDP/TCP), port numbers, protocol fields (TCP SYN/FIN/ACK), or even raw bit values at an arbitrary byte offset.
Subscribe to Xmodulo List
Do you want to receive posts about Linux applications and software recommended by Xmodulo List? Enter your email address below, and we will deliver our recommendations straight to your email box, for free. Delivery powered by Google Feedburner.