tcpdump
Developer(s) | The Tcpdump team
---|---
Initial release | 1988
Stable release | 4.99.4 / April 7, 2023[1]
License | BSD license[2]
Website | www
tcpdump is a data-network
Tcpdump works on most
History
tcpdump was originally written in 1988 by
Common uses
tcpdump prints the contents of network packets. It can read packets from a network interface card or from a previously created saved packet file. tcpdump can write packets to standard output or a file.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a
The user may optionally apply a BPF-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
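The two capabilities described above, reading packets from a previously saved capture file and narrowing them with a filter such as `tcp port 80`, can be illustrated without a live interface. The following is an added example, not code from the article or from the tcpdump project: it writes and parses the classic libpcap file format (the format `tcpdump -w` produces and `tcpdump -r` consumes; the 24-byte global header and 16-byte record header layout assumed here is that format's published structure), then applies a Python re-implementation of the `tcp port <n>` filter to constructed sample frames. The sample packets, addresses and ports are constructed for the demonstration and are not a real capture.

```python
"""Minimal classic-pcap reader/writer plus a Python equivalent of the BPF
filter 'tcp port <n>'.  Added example; not from the article or tcpdump.
Assumed format: magic 0xa1b2c3d4, 24-byte global header, 16-byte record
headers, link type 1 (Ethernet).  All sample data below is constructed."""
import struct
from typing import Iterator, List, NamedTuple

PCAP_MAGIC = 0xA1B2C3D4          # microsecond timestamps, writer's byte order
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_TCP = 6


class Packet(NamedTuple):
    ts_sec: int
    ts_usec: int
    data: bytes                  # captured bytes, starting at the Ethernet header


def write_pcap(packets: List[Packet], snaplen: int = 65535) -> bytes:
    """Serialise packets into a pcap byte string (what `tcpdump -w` writes)."""
    out = bytearray(struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, snaplen, LINKTYPE_ETHERNET))
    for p in packets:
        data = p.data[:snaplen]  # incl_len may be shorter than orig_len when snaplen truncates
        out += struct.pack("<IIII", p.ts_sec, p.ts_usec, len(data), len(p.data))
        out += data
    return bytes(out)


def read_pcap(blob: bytes) -> Iterator[Packet]:
    """Parse a pcap byte string, yielding one Packet per record (like `tcpdump -r`)."""
    (magic,) = struct.unpack_from("<I", blob, 0)
    if magic == PCAP_MAGIC:
        endian = "<"             # written on a little-endian host
    elif magic == 0xD4C3B2A1:
        endian = ">"             # written on a big-endian host; byte-swapped magic
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack_from(endian + "IHHiIII", blob, 0)[6]
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"unsupported link type {linktype}")
    off = 24
    while off + 16 <= len(blob):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack_from(endian + "IIII", blob, off)
        off += 16
        if off + incl_len > len(blob):
            raise ValueError("truncated packet record")
        yield Packet(ts_sec, ts_usec, blob[off:off + incl_len])
        off += incl_len


def tcp_port(packet: Packet, port: int) -> bool:
    """Python equivalent of the BPF filter 'tcp port <port>' for IPv4 over Ethernet.
    Like the compiled BPF program, it only matches first fragments, because the
    TCP header is absent from later fragments."""
    d = packet.data
    if len(d) < 14 or struct.unpack_from("!H", d, 12)[0] != ETHERTYPE_IPV4:
        return False
    ihl = (d[14] & 0x0F) * 4
    if len(d) < 14 + ihl or d[14 + 9] != IPPROTO_TCP:
        return False
    if struct.unpack_from("!H", d, 14 + 6)[0] & 0x1FFF != 0:
        return False             # non-first fragment: no TCP ports to inspect
    tcp = 14 + ihl
    if len(d) < tcp + 4:
        return False
    sport, dport = struct.unpack_from("!HH", d, tcp)
    return port in (sport, dport)


def filter_capture(blob: bytes, port: int) -> List[Packet]:
    """Equivalent of `tcpdump -r file.pcap 'tcp port <port>'`: keep matching records."""
    return [p for p in read_pcap(blob) if tcp_port(p, port)]


def build_tcp_frame(src_port: int, dst_port: int, payload: bytes = b"", frag_offset: int = 0) -> bytes:
    """Constructed Ethernet + IPv4 (no options) + TCP (no options) frame.
    Checksums are left zero; this is sample data, not a real capture."""
    eth = b"\x00" * 12 + struct.pack("!H", ETHERTYPE_IPV4)
    total = 20 + 20 + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 1, frag_offset, 64, IPPROTO_TCP, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0, 5 << 4, 0x02, 65535, 0, 0)
    return eth + ip + tcp + payload


SAMPLE_PACKETS = [  # constructed sample data
    Packet(1700000000, 0, build_tcp_frame(40000, 80, b"GET / HTTP/1.0\r\n\r\n")),
    Packet(1700000000, 500, build_tcp_frame(80, 40000)),
    Packet(1700000001, 0, build_tcp_frame(40001, 443)),
    Packet(1700000001, 10, b"\x00" * 12 + struct.pack("!H", 0x0806) + b"\x00" * 28),  # ARP, not IP
    Packet(1700000002, 0, build_tcp_frame(40002, 80, frag_offset=3)),                 # later fragment
]


def demo() -> int:
    """Round-trip the sample packets through the file format and count 'tcp port 80' matches."""
    blob = write_pcap(SAMPLE_PACKETS)
    return len(filter_capture(blob, 80))


if __name__ == "__main__":
    print(demo())
```

Of the five constructed records, only the two port-80 TCP packets survive the filter: the port-443 packet, the ARP frame and the non-first IP fragment are dropped, the last one for the same reason tcpdump's own `tcp port` filter drops it.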
Example of available capture interfaces on a Linux system:
$ tcpdump -D
1.eth0 [Up, Running, Connected]
2.any (Pseudo-device that captures on all interfaces) [Up, Running]
3.lo [Up, Running, Loopback]
4.bluetooth-monitor (Bluetooth Linux Monitor) [Wireless]
5.usbmon2 (Raw USB traffic, bus number 2)
6.usbmon1 (Raw USB traffic, bus number 1)
7.usbmon0 (Raw USB traffic, all USB buses) [none]
8.nflog (Linux netfilter log (NFLOG) interface) [none]
9.nfqueue (Linux netfilter queue (NFQUEUE) interface) [none]
10.dbus-system (D-Bus system bus) [none]
11.dbus-session (D-Bus session bus) [none]
12.bluetooth0 (Bluetooth adapter number 0)
13.eth1 [none, Disconnected]
Privileges required
In some Unix-like operating systems, a user must have superuser privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
See also
- Tcptrace, a tool for analyzing the logs produced by tcpdump
- EtherApe, a network mapping tool that relies on sniffing traffic
- Ngrep, a tool that can match regular expressions within the network packet payloads
- netsniff-ng, a free Linux networking toolkit
- Wireshark, a GUI-based alternative to tcpdump
References
- [1] "tcpdump and libpcap latest release". The Tcpdump Group. Retrieved 2023-04-07.
- [2] "tcpdump and libpcap license". The Tcpdump Group. Retrieved 2012-04-13.
- [3] Amoedo, Damián (8 April 2018). "Tcpdump, conoce el tráfico de una interfaz de red desde la terminal". Ubunlog (in Spanish). Archived from the original on 9 April 2018. Retrieved 9 April 2018.
This tool lets us see information about the traffic entering and leaving a given network interface. It is a diagnostic tool that lets us see packet information: where incoming packets come from and where outgoing packets are headed, along with some additional information. We can even save the result to a file to look at it another time.
- [4] "LICENSE file from source code (public GIT repository)". GitHub.
- [5] McCanne, Steve (13 June 2011). "libpcap: An Architecture and Optimization Methodology for Packet Capture - Sharkfest 2011" (PDF). SharkFest. Retrieved 6 August 2017.