tcpdump
A command-line packet analyser.
tcpdump captures and displays packets on a network interface, filtering with a powerful BPF-based expression language. It is the canonical low-level tool for diagnosing networking problems on the command line — the first thing reached for when "the network seems wrong" is a vague complaint, and the tool that ultimately pinpoints the cause more often than any other.
The tool dates back to 1988 at Lawrence Berkeley National Laboratory, written by Van Jacobson, Craig Leres, and Steven McCanne. It and the underlying libpcap library developed alongside it established the de facto packet-capture API on Unix systems; Wireshark, Snort, ntopng, and dozens of other tools all use libpcap.
tcpdump's pcap output format is a universal standard — the same file works in tcpdump, Wireshark, Suricata, Zeek, and almost every other packet-analysis tool. The classic workflow is to capture with tcpdump on a remote server (small command-line footprint, easy to ssh in and run), then analyse on a desktop in Wireshark for the GUI dissectors and graphical filters.
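Because the pcap file is the handoff point between tcpdump and every other tool, a minimal reader for that format shows what `tcpdump -w` actually writes: a 24-byte global header (magic number, version, snaplen, link type) followed by 16-byte per-packet record headers. This is an added example, not code from tcpdump or libpcap; the sample capture bytes are constructed inline, and the reader deliberately handles a capture that was cut off mid-record, which is common when a remote tcpdump is killed.

```python
import struct

# Classic pcap (what tcpdump -w writes): 24-byte global header, then 16-byte record headers.
PCAP_MAGIC_USEC = 0xA1B2C3D4   # timestamps are seconds + microseconds
PCAP_MAGIC_NSEC = 0xA1B23C4D   # seconds + nanoseconds (tcpdump --time-stamp-precision=nano)
LINKTYPE_ETHERNET = 1

def parse_pcap(data):
    """Return (linktype, snaplen, records); each record is (timestamp, orig_len, frame_bytes).
    Accepts either byte order (the writing host's native order) and stops on a truncated record."""
    if len(data) < 24:
        raise ValueError("truncated global header")
    for endian in ("<", ">"):
        magic = struct.unpack(endian + "I", data[:4])[0]
        if magic in (PCAP_MAGIC_USEC, PCAP_MAGIC_NSEC):
            break
    else:
        raise ValueError("not a classic pcap file (magic bytes %s)" % data[:4].hex())
    ts_div = 1e9 if magic == PCAP_MAGIC_NSEC else 1e6
    _vmaj, _vmin, _tz, _sigfigs, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    records, off = [], 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        if incl_len > snaplen or off + incl_len > len(data):
            break   # corrupt or cut-off record (capture killed mid-write): keep what parsed so far
        records.append((ts_sec + ts_frac / ts_div, orig_len, data[off:off + incl_len]))
        off += incl_len
    return linktype, snaplen, records

def ethertype(frame):
    """EtherType of an Ethernet frame; link-layer fields are big-endian regardless of pcap order."""
    return struct.unpack(">H", frame[12:14])[0]

def build_sample_pcap():
    """Constructed sample, not a real capture: two Ethernet frames in a little-endian pcap,
    followed by a record header whose frame bytes never made it to disk."""
    hdr = struct.pack("<IHHiIII", PCAP_MAGIC_USEC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    frames = [
        bytes.fromhex("ffffffffffff 001122334455 0806") + b"\x00" * 28,            # ARP, 42 bytes
        bytes.fromhex("001122334455 66778899aabb 0800") + b"\x45" + b"\x00" * 39,  # IPv4, 54 bytes
    ]
    body = b"".join(struct.pack("<IIII", 1700000000 + i, 250000 * i, len(f), len(f)) + f
                    for i, f in enumerate(frames))
    return hdr + body + struct.pack("<IIII", 1700000002, 0, 60, 60)   # truncated third record

if __name__ == "__main__":
    link, snap, recs = parse_pcap(build_sample_pcap())
    print(link, snap, [(ts, n, hex(ethertype(f))) for ts, n, f in recs])
```

Point it at a real file with `parse_pcap(open("capture.pcap", "rb").read())`; pcapng files (Wireshark's default) start with a different magic and are rejected by design.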
Install
Debian/Ubuntu: sudo apt install tcpdump
Fedora/RHEL: sudo dnf install tcpdump
Arch: sudo pacman -S tcpdump
macOS: already preinstalled
Authors
- Van Jacobson, Craig Leres, Steven McCanne (origin)
- The tcpdump.org team