Tcpdump

From Wikipedia, the free encyclopedia

tcpdump
Image: tcpdump console output
Developer: The Tcpdump team
Latest release: 3.9.5 / September 19, 2006
OS: Linux, Solaris, FreeBSD, NetBSD, OpenBSD, Mac OS X, additional Unix-like systems, Windows
Use: Packet sniffer
License: BSD license
Website: http://www.tcpdump.org/

tcpdump is a common command-line network debugging tool. It lets the user capture and display TCP/IP and other packets being transmitted or received over a network to which the computer is attached. It was originally written by Van Jacobson, Craig Leres and Steven McCanne, who were at the time working in the Lawrence Berkeley Laboratory Network Research Group.

tcpdump works on most Unix-like platforms: Linux, Solaris, BSD, Mac OS X, HP-UX and AIX among others. On those systems, tcpdump is built upon the libpcap packet capture library.

On Windows, WinDump, a port of tcpdump built on the WinPcap library, can be used.

On Unix and most other operating systems, a user needs superuser privileges to run tcpdump. The packet capture mechanisms the operating system provides (raw sockets, special devices such as the BSD /dev/bpf nodes, etc.) require elevated privileges, and so does putting the interface into promiscuous mode; the -p switch tells tcpdump not to enable promiscuous mode, but the capture itself still needs privilege. On Linux the specific capabilities are CAP_NET_RAW (packet sockets) and CAP_NET_ADMIN (promiscuous mode), which can be granted instead of full root. Because tcpdump's protocol decoders parse untrusted data from the wire with whatever privilege the process holds, a common practice is to capture to a file with -w as root and decode it later with -r as an unprivileged user.

The user may optionally supply a filter expression, which is compiled into BPF (Berkeley Packet Filter) code and, on systems that support it, evaluated in the kernel so that only matching packets are copied to user space. This keeps the output usable and the capture overhead down on networks with a high volume of traffic.

Common uses of tcpdump

  • to debug applications one is writing that use the network for communication
  • to debug the network setup itself, by checking whether packets are actually being routed as expected, which lets the user narrow down where a problem lies
  • to intercept and display the communications of another user or computer. Some protocols, such as telnet and HTTP, transmit information unencrypted over the network. A user with control of a router or gateway through which other computers' unencrypted traffic passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other information; a host on a shared medium such as a hub or a wireless network can do the same with its interface in promiscuous mode.
  • to stream packets from any machine with tcpdump and SSH to a machine running OmniPeek or EtherPeek with the TCPDump Remote Adapter, which is freely available at http://www.omnipeek.com
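The following Python script is an added example, not code from tcpdump or libpcap. It ties the points above together: it reads the file format that `tcpdump -w` writes (24-byte global header, 16-byte record header per packet, link type 1 for Ethernet), so the capture can run privileged and the decoding can run as an ordinary user; it evaluates a small subset of the BPF filter syntax (tcp, udp, host, port, src/dst, and/or/not) in user space; and it pulls the cleartext payloads of telnet and HTTP out of a capture the way a sniffer on a gateway would. The `Packet` tuple, the filter subset, the `_frame` and `build_pcap` helpers and the three-packet `SAMPLE_PCAP` (a constructed capture with checksums left at zero) are assumptions made here for the demonstration.

```python
"""Added example (not tcpdump's code): reads the pcap format `tcpdump -w` writes, filters in user space."""
import struct
from collections import namedtuple

PCAP_MAGIC = 0xA1B2C3D4                 # reads back as 0xD4C3B2A1 from a big-endian file
LINKTYPE_ETHERNET, ETHERTYPE_IPV4 = 1, b"\x08\x00"    # link type 1 = Ethernet; EtherType 0x0800
IPPROTO_TCP, IPPROTO_UDP = 6, 17
Packet = namedtuple("Packet", "ts src dst proto sport dport payload")  # constructed; ports None unless TCP/UDP


def parse_pcap(data: bytes) -> list:
    """Walk the 24-byte global header and 16-byte record headers; decode Ethernet/IPv4."""
    end = {PCAP_MAGIC: "<", 0xD4C3B2A1: ">"}.get(struct.unpack("<I", data[:4])[0])
    if end is None:
        raise ValueError("not a pcap file (bad magic)")
    snaplen, linktype = struct.unpack(end + "IHHiIII", data[:24])[5:]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    packets, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl_len, _ = struct.unpack(end + "IIII", data[off:off + 16])
        if incl_len > snaplen:                      # never trust a length field blindly
            raise ValueError("record longer than snaplen: corrupt capture")
        frame, off = data[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < incl_len:
            break                                   # file cut off mid-record (capture killed)
        if len(frame) < 34 or frame[12:14] != ETHERTYPE_IPV4 or (frame[14] & 0x0F) < 5:
            continue                                # not IPv4, or a malformed IPv4 header length
        ip = frame[14:]
        ihl, total_len = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        proto, l4 = ip[9], ip[ihl:total_len]
        src, dst = (".".join(map(str, ip[i:i + 4])) for i in (12, 16))
        sport, dport, payload = None, None, l4
        if proto == IPPROTO_TCP and len(l4) >= 20:
            sport, dport = struct.unpack("!HH", l4[:4])
            payload = l4[(l4[12] >> 4) * 4:]        # skip TCP header including options
        elif proto == IPPROTO_UDP and len(l4) >= 8:
            sport, dport = struct.unpack("!HH", l4[:4])
            payload = l4[8:]
        packets.append(Packet(ts_sec + ts_usec / 1e6, src, dst, proto, sport, dport, payload))
    return packets


def _primitive(pkt: Packet, prim: str) -> bool:
    """One primitive: [not] [tcp|udp] [src|dst] (host A | port N), or bare tcp/udp."""
    words = prim.split()
    neg = words[:1] == ["not"]
    words = words[neg:]                             # a bool slices as 0 or 1
    proto = {"tcp": IPPROTO_TCP, "udp": IPPROTO_UDP}.get(words[0]) if words else None
    ok = proto is None or pkt.proto == proto
    words = words[proto is not None:]
    if words:
        qual = words[0] if words[0] in ("src", "dst") else None
        kind, val = words[1:] if qual else words    # exactly [kind, value] when well-formed
        if kind == "host":
            s, d = pkt.src == val, pkt.dst == val
        elif kind == "port":
            s, d = pkt.sport == int(val), pkt.dport == int(val)
        else:
            raise ValueError("unsupported primitive: " + prim)
        ok = ok and (s if qual == "src" else d if qual == "dst" else s or d)
    return ok != neg                                # XOR applies the leading 'not'


def matches(pkt: Packet, expr: str) -> bool:
    """BPF-syntax subset: primitives joined by 'and'/'or' ('and' binds tighter, no parentheses)."""
    return any(all(_primitive(pkt, p) for p in c.split(" and ")) for c in expr.split(" or "))


def _frame(src: str, dst: str, sport: int, dport: int, payload: bytes) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame; checksums left 0 (this reader does not verify them)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 1, 5 << 4, 0x18, 65535, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000, 64, IPPROTO_TCP, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split(".")))) + tcp
    return bytes(12) + ETHERTYPE_IPV4 + ip          # MAC addresses zeroed


def build_pcap(frames: list, snaplen: int = 65535) -> bytes:
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET)  # little-endian
    return hdr + b"".join(struct.pack("<IIII", 1158000000 + i, 0, len(f), len(f)) + f
                          for i, f in enumerate(frames))       # records one second apart


# Constructed sample: a telnet login, an HTTP request and an SSH banner, all sent to 10.0.0.1.
SAMPLE_PCAP = build_pcap([
    _frame("10.0.0.5", "10.0.0.1", 40000, 23, b"login: alice\r\n"),
    _frame("10.0.0.5", "10.0.0.1", 40001, 80, b"GET /index.html HTTP/1.0\r\n\r\n"),
    _frame("10.0.0.7", "10.0.0.1", 40002, 22, b"SSH-2.0-OpenSSH\r\n"),
])


def payloads(pcap: bytes, expr: str) -> list:
    """Payloads of the packets matching expr: what a sniffer on the gateway reads off the wire."""
    return [p.payload for p in parse_pcap(pcap) if matches(p, expr)]


if __name__ == "__main__":
    print(payloads(SAMPLE_PCAP, "tcp port 23 or tcp port 80"))   # only the cleartext protocols
```

Against a real file, call `parse_pcap(open("capture.pcap", "rb").read())`. Unlike tcpdump's own filters, which the kernel applies before packets are copied out, this subset runs after the fact over the saved capture, so it can trim the output but not the cost of capturing.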

See also

  • Wireshark, a GUI network protocol analyzer formerly known as Ethereal
  • OmniPeek, an analyzer that supports streaming of packets from a remote machine running tcpdump
  • Packet sniffer
  • Snoop, a similar program on Solaris
  • Tcptrace, a tool for analysing capture files produced by tcpdump

External links