Tcpdump
Encyclopedia
tcpdump is a common packet analyzer that runs under the command line. It allows the user to intercept and display TCP/IP and other packets being transmitted or received over a network
to which the computer is attached. Distributed under the BSD license, tcpdump is free software
.
Tcpdump works on most Unix-like
operating system
s: Linux
, Solaris, BSD, Mac OS X
, HP-UX
and AIX
among others. In those systems, tcpdump uses the libpcap library to capture packets. The port
of tcpdump for Windows
is called WinDump; it uses WinPcap, the Windows port of libpcap.
, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.
It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet
or HTTP passes can use tcpdump to view login IDs, passwords, the URL
s and content of websites being viewed, or any other unencrypted information.
The user may optionally apply a BPF
-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
operating system
s, a user must have superuser
privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
Computer network
A computer network, often simply referred to as a network, is a collection of hardware components and computers interconnected by communication channels that allow sharing of resources and information....
to which the computer is attached. Distributed under the BSD license, tcpdump is free software
Free software
Free software, software libre or libre software is software that can be used, studied, and modified without restriction, and which can be copied and redistributed in modified or unmodified form either without restriction, or with restrictions that only ensure that further recipients can also do...
.
Tcpdump works on most Unix-like
Unix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s: Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, Solaris, BSD, Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, HP-UX
HP-UX
HP-UX is Hewlett-Packard's proprietary implementation of the Unix operating system, based on UNIX System V and first released in 1984...
and AIX
AIX operating system
AIX AIX AIX (Advanced Interactive eXecutive, pronounced "a i ex" is a series of proprietary Unix operating systems developed and sold by IBM for several of its computer platforms...
among others. In those systems, tcpdump uses the libpcap library to capture packets. The port
Porting
In computer science, porting is the process of adapting software so that an executable program can be created for a computing environment that is different from the one for which it was originally designed...
of tcpdump for Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
is called WinDump; it uses WinPcap, the Windows port of libpcap.
History
It was originally written in 1987 by Van JacobsonVan Jacobson
Van Jacobson is one of the primary contributors to the TCP/IP protocol stack which is the technological foundation of today’s Internet. He is renowned for his pioneering achievements in network performance and scaling....
, Craig Leres and Steven McCanne who were, at the time, working in the Lawrence Berkeley Laboratory Network Research Group.
Common uses
Tcpdump analyzes network behavior, performance and applications that generate or receive network traffic. It can also be used for analyzing the network infrastructure itself by determining whether all necessary routing is occurring properly, allowing the user to further isolate the source of a problem.It is also possible to use tcpdump for the specific purpose of intercepting and displaying the communications of another user or computer. A user with the necessary privileges on a system acting as a router or gateway through which unencrypted traffic such as Telnet
TELNET
Telnet is a network protocol used on the Internet or local area networks to provide a bidirectional interactive text-oriented communications facility using a virtual terminal connection...
or HTTP passes can use tcpdump to view login IDs, passwords, the URL
Uniform Resource Locator
In computing, a uniform resource locator or universal resource locator is a specific character string that constitutes a reference to an Internet resource....
s and content of websites being viewed, or any other unencrypted information.
The user may optionally apply a BPF
Berkeley Packet Filter
The Berkeley Packet Filter or BPF provides, on some Unix-like systems, a raw interface to data link layers, permitting raw link-layer packets to be sent and received...
-based filter to limit the number of packets seen by tcpdump; this renders the output more usable on networks with a high volume of traffic.
Privileges required
In some Unix-likeUnix-like
A Unix-like operating system is one that behaves in a manner similar to a Unix system, while not necessarily conforming to or being certified to any version of the Single UNIX Specification....
operating system
Operating system
An operating system is a set of programs that manage computer hardware resources and provide common services for application software. The operating system is the most important type of system software in a computer system...
s, a user must have superuser
Superuser
On many computer operating systems, the superuser is a special user account used for system administration. Depending on the operating system, the actual name of this account might be: root, administrator or supervisor....
privileges to use tcpdump because the packet capturing mechanisms on those systems require elevated privileges. However, the -Z option may be used to drop privileges to a specific unprivileged user after capturing has been set up. In other Unix-like operating systems, the packet capturing mechanism can be configured to allow non-privileged users to use it; if that is done, superuser privileges are not required.
See also
- PacketsquarePacketsquarePacketSquare is a free and open-source pcap-based network protocol testing tool. It is used for testing network devices , network troubleshooting, analysis, software and communications protocol development, and education.Currently PacketSquare-CapEdit runs on Linux, using the GTK+ widget toolkit...
, A protocol field (pcap) editor and replay tool - TcptraceTcptracetcptrace is a tool written by Shawn Ostermann at Ohio University, for analysis of TCP dump files. It can take as input the files produced by several popular packet-capture programs, including tcpdump/WinDump/Wireshark, snoop, , and Agilent NetMetrix....
, a tool for analyzing the logs produced by tcpdump - EtherApeEtherapeEtherApe is a packet sniffer/network traffic monitoring tool, developed for Unix. EtherApe is free, open source software developed under the GNU General Public License.- Functionality :...
, a network mapping tool that relies on sniffing traffic - NgrepNgrepngrep is a network packet analyzer written by Jordan Ritter. It runs under the command line, and relies upon the pcap library and the GNU regex library....
, a tool that can match regular expressions within the network packet payloads