From Wikipedia, the free encyclopedia

Jump to: navigation, search
tcpdump console output
tcpdump console output
Developed by The Tcpdump team
Latest release 4.0.0 / October 27, 2008
Operating system Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Mac OS X, additional *NIX systems, Windows
Type Packet sniffer
License BSD license

tcpdump is a common packet sniffer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.

Distributed under the BSD license,[1] tcpdump is free software.

Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets.

There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows.

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.


[edit] Common uses of tcpdump

Tcpdump is frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.

It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as TELNET or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.

[edit] See also

  • Wireshark, another network protocol analyzer (formerly known as Ethereal) featuring a GUI interface
  • OmniPeek, an analyzer that supports streaming of packets from a remote machine running tcpdump
  • Snoop, a similar utility included with Solaris
  • Tcptrace, a tool for analyzing the logs produced by tcpdump

[edit] References

  1. ^ "LICENSE file from source code (public GIT repository)". 


[edit] External links

Personal tools