
TCPDUMP: TCP/IP Packet Analysis Utility

Tcpdump is a popular network debugging and security tool that lets the user capture and display TCP/IP packets transmitted or received over a network to which the computer is attached. It gives a precise view of all the traffic and makes it possible to build statistical monitoring scripts on top of its output.

On an Ethernet segment, tcpdump works by putting the network card into promiscuous mode so that it captures every packet on the wire, not only those addressed to the host. With tcpdump we can observe every TCP/UDP connection being established and torn down, measure response times and packet-loss percentages, and detect when a distant server is unreachable. Common uses of tcpdump are as follows:

  • to debug applications one is writing that use the network for communication
  • to debug the network setup itself, by determining whether all necessary routing is taking place properly
  • to intercept and display the communications of another user or computer. Some protocols, such as telnet and HTTP, transmit information unencrypted over the network; a user with control of a router or gateway through which other computers' unencrypted traffic passes can use tcpdump to view login IDs, passwords, the URLs and content of websites being viewed, or any other information.

tcpdump is a command-line, text-mode-only program. One major drawback of tcpdump is the size of the flat file containing its text output. Ethereal is a similar program with a GUI front end and many additional formatting, sorting, and display facilities. There are many commercial software tools that perform similar and enhanced functions; Javvin's Packet Analyzer is one of the leading products in this category.

Tcpdump is the most popular sniffer/packet-analysis tool on Unix systems. On Unix and most other operating systems, a user must have the equivalent of root or system-administrator privileges to use tcpdump, because it puts the interface into promiscuous mode.

WinDump is the port of tcpdump to the Windows platform. It is fully compatible with tcpdump and can be used to watch and diagnose network traffic according to various complex rules. It runs under Windows 95/98/ME and under Windows NT/2000/XP.

TCPdump Usage

tcpdump [-aenStvxX] [-F file] [-i int] [-r file] [-s snaplen] [-w file] ['filter_expression']

  • -e Display the data link (Ethernet) header
  • -F Read the filter expression from file
  • -i Listen on interface int
  • -n Don't resolve IP addresses to names
  • -r Read packets from file instead of an interface
  • -s Capture snaplen bytes from each packet
  • -t Don't print a timestamp on each line
  • -v Verbose mode
  • -w Write raw packets to file
  • -x Display packet contents in hex
  • -X Display packet contents in hex and ASCII
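As an added example (not code from the original page or from the tcpdump project), a small monitoring script of the kind mentioned above: it reads the text lines printed by `tcpdump -n tcp` (with or without -t) and tracks each TCP connection attempt through establishment, refusal and teardown, listing servers whose SYNs never got any reply. The sample capture lines are constructed, not real traffic.

```python
import re
from collections import Counter

# One line of `tcpdump -n tcp` output: optional timestamp (none with -t),
# unresolved IPv4 endpoints (-n), then the TCP flags field (see SAMPLE).
LINE_RE = re.compile(
    r"^(?:[\d:.]+ )?IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def parse_line(line):
    """Return ((src_ip, src_port), (dst_ip, dst_port), flags), or None if not a TCP line."""
    m = LINE_RE.match(line.strip())
    return None if m is None else ((m["src"], int(m["sport"])), (m["dst"], int(m["dport"])), m["flags"])

def connection_stats(lines):
    """A bare SYN opens a (client, server) entry; SYN-ACK makes it open, RST before
    that refused, FIN/RST afterwards closed; no reply at all points at an unreachable host."""
    state = {}  # (client, server) -> "syn" | "open" | "refused" | "closed"
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, flags = parsed
        if flags == "S":  # client -> server SYN; a retransmitted SYN keeps the first entry
            state.setdefault((src, dst), "syn")
            continue
        key = (src, dst) if (src, dst) in state else (dst, src)
        if key not in state:
            continue
        if flags == "S." and key == (dst, src) and state[key] == "syn":
            state[key] = "open"          # SYN-ACK travelling server -> client
        elif "R" in flags and state[key] == "syn":
            state[key] = "refused"       # RST instead of SYN-ACK: closed port or reset
        elif state[key] == "open" and ("F" in flags or "R" in flags):
            state[key] = "closed"        # orderly FIN or abortive RST after establishment
    counts = Counter(state.values())
    no_reply = sorted(f"{s[0]}:{s[1]}" for (_, s), st in state.items() if st == "syn")
    return {"open": counts["open"], "closed": counts["closed"], "refused": counts["refused"], "no_reply": no_reply}

# Constructed sample capture (not real traffic): one HTTP session that completes,
# one SSH attempt that is refused, and one SYN to a host that never answers.
SAMPLE = """\
IP 10.0.0.5.51234 > 10.0.0.1.80: Flags [S], seq 100, win 64240, length 0
IP 10.0.0.1.80 > 10.0.0.5.51234: Flags [S.], seq 200, ack 101, win 65160, length 0
IP 10.0.0.5.51234 > 10.0.0.1.80: Flags [F.], seq 101, ack 201, win 502, length 0
IP 10.0.0.5.51235 > 10.0.0.1.22: Flags [S], seq 300, win 64240, length 0
IP 10.0.0.1.22 > 10.0.0.5.51235: Flags [R.], seq 0, ack 301, win 0, length 0
IP 10.0.0.5.51236 > 203.0.113.9.443: Flags [S], seq 400, win 64240, length 0
""".splitlines()
```

Feeding `connection_stats(sys.stdin)` from `tcpdump -n -t tcp | python3 script.py` gives the same summary over a live capture.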

Related Terms: WinDump, Ethereal, Javvin Packet Analyzer

Reference Links: http://www.tcpdump.org (the official site of tcpdump)
