tcpdump is a common packet analyzer that runs under the command line. It allows the user to
intercept and display TCP/IP and other packets being transmitted or received over a network to
which the computer is attached. Distributed under the BSD license, tcpdump is free software.
Tcpdump works on most Unix-like operating systems: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. In those systems, tcpdump uses the libpcap library to capture packets. The port of tcpdump for Windows is called WinDump; it uses WinPcap, the Windows
• Tcpdump is used to analyze network behavior, performance, and the applications that generate or
receive network traffic.
• It can also be used for analyzing the network infrastructure itself by determining whether
all necessary routing is occurring properly, allowing the user to further isolate the source
of a problem.
• It is also possible to use tcpdump for the specific purpose of intercepting and displaying
the communications of another user or computer.
• A user with the necessary privileges on a system acting as a router or gateway through
which unencrypted traffic such as Telnet or HTTP passes can use tcpdump to view login
IDs, passwords, the URLs and content of websites being viewed, or any other unencrypted
• The user may optionally apply a Berkeley Packet Filter (BPF) expression to limit the
packets captured and shown by tcpdump; this renders the output more usable on networks with a
high volume of traffic.
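The analysis and filtering bullets above describe tcpdump's text output as the raw material for network troubleshooting. The following Python script is an added example, not part of the original notes or of the tcpdump project: it parses lines in the shape that `tcpdump -n` prints for TCP and UDP packets, tracks each TCP three-way handshake, and reports client hosts that open many connections without completing them (a half-open pattern worth investigating on a defended network). The sample lines, the hosts `10.0.0.5`, `10.0.0.9` and `192.168.1.7`, and the thresholds are all constructed for illustration; a real run would feed in the output of an invocation such as `tcpdump -n -i eth0 'host 10.0.0.9'`, where `host 10.0.0.9` is the BPF filter expression.

```python
"""Parse tcpdump -n text output and flag hosts with many incomplete TCP handshakes.
Added example: the sample capture below is constructed, not taken from a real network."""
import re
from collections import defaultdict
from typing import NamedTuple, Optional

# One line per packet, as printed by tcpdump -n for IPv4 TCP/UDP traffic.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP (?P<src>\S+) > (?P<dst>[^:]+): (?P<rest>.*)$"
)
FLAGS_RE = re.compile(r"^Flags \[(?P<flags>[^\]]*)\]")

# Constructed sample: 10.0.0.5 completes one handshake to port 22; 192.168.1.7 sends
# SYNs to five ports on 10.0.0.9 and never completes any (only RSTs or an unanswered SYN-ACK).
SAMPLE_OUTPUT = """\
14:02:11.123456 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [S], seq 1000, win 64240, length 0
14:02:11.123900 IP 10.0.0.9.22 > 10.0.0.5.40001: Flags [S.], seq 2000, ack 1001, win 65160, length 0
14:02:11.124100 IP 10.0.0.5.40001 > 10.0.0.9.22: Flags [.], ack 1, win 502, length 0
14:02:11.200000 IP 10.0.0.5.5353 > 224.0.0.251.5353: UDP, length 46
14:02:12.000001 IP 192.168.1.7.51000 > 10.0.0.9.21: Flags [S], seq 1, win 1024, length 0
14:02:12.000101 IP 10.0.0.9.21 > 192.168.1.7.51000: Flags [R.], seq 0, ack 2, win 0, length 0
14:02:12.000201 IP 192.168.1.7.51001 > 10.0.0.9.23: Flags [S], seq 1, win 1024, length 0
14:02:12.000301 IP 10.0.0.9.23 > 192.168.1.7.51001: Flags [R.], seq 0, ack 2, win 0, length 0
14:02:12.000401 IP 192.168.1.7.51002 > 10.0.0.9.25: Flags [S], seq 1, win 1024, length 0
14:02:12.000501 IP 10.0.0.9.25 > 192.168.1.7.51002: Flags [R.], seq 0, ack 2, win 0, length 0
14:02:12.000601 IP 192.168.1.7.51003 > 10.0.0.9.80: Flags [S], seq 1, win 1024, length 0
14:02:12.000701 IP 10.0.0.9.80 > 192.168.1.7.51003: Flags [S.], seq 7, ack 2, win 64240, length 0
14:02:12.000801 IP 192.168.1.7.51004 > 10.0.0.9.443: Flags [S], seq 1, win 1024, length 0
14:02:12.000901 IP 10.0.0.9.443 > 192.168.1.7.51004: Flags [R.], seq 0, ack 2, win 0, length 0
14:02:13.000000 ARP, Request who-has 10.0.0.9 tell 10.0.0.5, length 28
"""


class Packet(NamedTuple):
    ts: str
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str   # "tcp" or "udp"
    flags: str   # TCP flag letters exactly as tcpdump prints them; "" for UDP


def _split_endpoint(endpoint: str):
    """tcpdump -n prints IPv4 endpoints as a.b.c.d.port; the last dot separates the port."""
    ip, port = endpoint.rsplit(".", 1)
    return ip, int(port)


def parse_line(line: str) -> Optional[Packet]:
    """Return a Packet for a TCP or UDP line, None for anything else (ARP, ICMP, IPv6...)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    fm = FLAGS_RE.match(rest)
    if fm:
        proto, flags = "tcp", fm.group("flags")
    elif rest.startswith("UDP,"):
        proto, flags = "udp", ""
    else:
        return None
    src_ip, src_port = _split_endpoint(m.group("src"))
    dst_ip, dst_port = _split_endpoint(m.group("dst"))
    return Packet(m.group("ts"), src_ip, src_port, dst_ip, dst_port, proto, flags)


def parse_output(text: str):
    return [p for p in (parse_line(l) for l in text.splitlines()) if p]


def handshake_summary(packets):
    """Per client IP: (SYNs sent, handshakes completed, distinct destination ports)."""
    state = {}                      # (client_ip, client_port, server_ip, server_port) -> phase
    syns, done, ports = defaultdict(int), defaultdict(int), defaultdict(set)
    for p in packets:
        if p.proto != "tcp":
            continue
        if p.flags == "S":          # client SYN opens a tracked connection
            state[(p.src_ip, p.src_port, p.dst_ip, p.dst_port)] = "syn"
            syns[p.src_ip] += 1
            ports[p.src_ip].add(p.dst_port)
        elif p.flags == "S.":       # server SYN-ACK: key is from the client's point of view
            key = (p.dst_ip, p.dst_port, p.src_ip, p.src_port)
            if state.get(key) == "syn":
                state[key] = "synack"
        elif "." in p.flags and "S" not in p.flags and "R" not in p.flags:
            key = (p.src_ip, p.src_port, p.dst_ip, p.dst_port)   # client's final ACK
            if state.get(key) == "synack":
                state[key] = "est"
                done[p.src_ip] += 1
    return {ip: (syns[ip], done[ip], len(ports[ip])) for ip in syns}


def half_open_clients(packets, min_syns=3, max_completion=0.5):
    """Clients that sent at least min_syns SYNs and completed at most max_completion of them."""
    hits = []
    for ip, (sent, completed, nports) in handshake_summary(packets).items():
        if sent >= min_syns and completed / sent <= max_completion:
            hits.append((ip, sent, completed, nports))
    return sorted(hits)


if __name__ == "__main__":
    for ip, sent, completed, nports in half_open_clients(parse_output(SAMPLE_OUTPUT)):
        print(f"{ip}: {sent} SYNs, {completed} completed, {nports} distinct ports")
```

Piping a live capture into the script (`tcpdump -n -l -i eth0 'host 10.0.0.9' | python3 script.py`, with `-l` for line-buffered output) would work the same way, since the parser only depends on the line format. The handshake tracking is deliberately stateful per four-tuple so that a client that receives a SYN-ACK but never sends the final ACK (port 80 in the sample) counts as incomplete, not just clients that only see RSTs.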
home page: www.tcpdump.org