Tcpdump

Infobox Software
name = tcpdump
caption = tcpdump console output
developer = The Tcpdump team
latest_release_version = 3.9.7
latest_release_date = July 24, 2007
operating_system = Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Mac OS X, additional *NIX systems, Windows
genre = Packet sniffer
license = BSD license
website = [http://www.tcpdump.org/ www.tcpdump.org]

tcpdump is a common packet sniffer that runs from the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.

Distributed under a permissive free software licence, tcpdump is free software. [http://cvsweb.tcpdump.org/cgi-bin/cvsweb/tcpdump/LICENSE?rev=1.1 LICENSE file from source code]

Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets.

There is also a port of tcpdump for Windows called WinDump; this uses WinPcap, which is a port of libpcap to Windows.

In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.

The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
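
To show how a BPF filter decides which packets tcpdump sees, the following added example (not code from tcpdump or libpcap) interprets a small hand-written classic BPF program over constructed Ethernet frames. The program `IPV4_TCP`, the helper names `run_filter` and `frame`, and the sample frames are assumptions made for illustration; only the four opcodes the program needs are implemented, and VLAN tags and IPv6 are not handled.

```python
import struct

# Classic BPF opcodes used here (numeric values from the BPF instruction set).
LDH_ABS = 0x28  # A = 16-bit big-endian value at packet offset k
LDB_ABS = 0x30  # A = byte at packet offset k
JEQ_K = 0x15    # if A == k skip jt instructions, otherwise skip jf
RET_K = 0x06    # stop and accept k bytes of the packet (0 = drop)

# Hand-written program, constructed for this example: keep IPv4 TCP frames.
# Each instruction is (opcode, jt, jf, k).
IPV4_TCP = [
    (LDH_ABS, 0, 0, 12),      # load EtherType
    (JEQ_K, 0, 3, 0x0800),    # not IPv4 -> jump to drop
    (LDB_ABS, 0, 0, 23),      # load IPv4 protocol field (14 + 9)
    (JEQ_K, 0, 1, 6),         # not TCP -> jump to drop
    (RET_K, 0, 0, 262144),    # accept
    (RET_K, 0, 0, 0),         # drop
]


def run_filter(program, packet):
    """Return how many bytes of the packet to keep; 0 means it is filtered out."""
    acc, pc = 0, 0
    while pc < len(program):
        op, jt, jf, k = program[pc]
        pc += 1
        if op in (LDH_ABS, LDB_ABS):
            size = 2 if op == LDH_ABS else 1
            if k + size > len(packet):
                return 0  # a load past the end of the packet rejects it
            acc = int.from_bytes(packet[k:k + size], "big")
        elif op == JEQ_K:
            pc += jt if acc == k else jf
        elif op == RET_K:
            return min(k, len(packet))
        else:
            raise ValueError(f"unsupported opcode {op:#x}")
    return 0


def frame(ethertype, proto):
    """Constructed sample: Ethernet header plus a bare 20-byte IPv4 header."""
    ip = bytearray(20)
    ip[0], ip[9] = 0x45, proto
    return bytes(12) + struct.pack("!H", ethertype) + bytes(ip)
```

Because the filter runs on every packet before it is handed to the capturing program, a UDP or ARP frame here costs a few instructions and is never copied or printed.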

Common uses of tcpdump

Tcpdump is frequently used to debug applications that generate or receive network traffic. It can also be used for debugging the network setup itself, by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.

It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as TELNET or HTTP passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted information.

See also

*Wireshark, another network protocol analyzer (formerly known as Ethereal) featuring a GUI
*OmniPeek, an analyzer that supports streaming of packets from a remote machine running tcpdump
*Snoop, a similar utility included with Solaris
*Tcptrace, a tool for analyzing the logs produced by tcpdump
*Pcap, the library used to implement tcpdump.

External links

* [http://www.tcpdump.org/ Official site for tcpdump (and libpcap)]
* [http://www.winpcap.org/windump/ Official site for WinDump]
* [http://ngrep.sourceforge.net/ ngrep, a tcpdump-like tool]
* [http://www.tcpdump.org/papers/bpf-usenix93.pdf Berkeley Packet Filter]
* [http://microolap.com/products/network/tcpdump/ Portable version of tcpdump for Windows]


Wikimedia Foundation. 2010.
