Linux Tools: tcpdump

 tcpdump

   tcpdump is a common packet analyzer that runs under the command line. It allows the user to
intercept and display TCP/IP and other packets being transmitted or received over a network to
which the computer is attached. Distributed under the BSD license, tcpdump is free software.
   Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X,HP-
UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture
packets.The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows
port of libpcap.
• Tcpdump analyzes network behavior, performance and applications that generate or
  receive network traffic
• It can also be used for analyzing the network infrastructure itself by determining whether
  all necessary routing is occurring properly, allowing the user to further isolate the source
  of a problem.
• It is also possible to use tcpdump for the specific purpose of intercepting and displaying
  the communications of another user or computer
• A user with the necessary privileges on a system acting as a router or gateway through
  which unencrypted traffic such asTelnet or HTTP passes can use tcpdump to view login
  IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted
  information.
• The user may optionally apply a Berkeley Packet filter-based filter to limit the number of 
   packets seen by tcpdump; this renders the output more usable on networks with a high 
   volume of traffic.

version: 4.3.0
home page: www.tcpdump.org