What is Tcpdump?

Tcpdump

Tcpdump is a common computer network debugging tool that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.

Tcpdump works on most Unix-like platforms: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump is built upon the libpcap packet capture library.

On Windows, WinDump can be used; it's a version of tcpdump for Windows.

On Unix and most other operating systems, a user must have superuser privileges to use tcpdump due to its use of promiscuous mode.

The user may optionally apply any number of filters to render the output more usable on networks with a high volume of traffic.

Tcpdump prints out the headers of packets on a network interface that match the boolean expression. Under SunOS: You must be root to invoke tcpdump or it must be installed setuid to root. Under Ultrix: Any user can invoke tcpdump once the super-user has enabled promiscuous-mode operation using pfconfig(8). Under BSD: Access is controlled by the permissions on /dev/bpf0, etc.

Common uses of tcpdump
- to debug applications one is writing which utilize the network for communications
- to debug the network setup itself, by determining whether all necessary routing is or is not occurring properly, allowing the user to further isolate the source of a problem
- to intercept and display the communications of another user or computer.

Some protocols, such as telnet and HTTP, transmit information unencrypted over the network. A user with control of a router or gateway through which other computers' unencrypted traffic passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other information.